From a641a26327e04016dfd62e1cb1f2141b9364631b Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?louiz=E2=80=99?= <louiz@louiz.org>
Date: Thu, 2 Jun 2016 16:03:28 +0200
Subject: Check the length of the JID parts when copying into the jidprep
 buffer

We trust the XMPP server, but maybe not enough to not check that
---
 louloulibs/xmpp/jid.cpp | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

(limited to 'louloulibs/xmpp')

diff --git a/louloulibs/xmpp/jid.cpp b/louloulibs/xmpp/jid.cpp
index dcd7012..7b62f3e 100644
--- a/louloulibs/xmpp/jid.cpp
+++ b/louloulibs/xmpp/jid.cpp
@@ -47,7 +47,7 @@ std::string jidprep(const std::string& original)
   Jid jid(original);
 
   char local[max_jid_part_len] = {};
-  memcpy(local, jid.local.data(), jid.local.size());
+  memcpy(local, jid.local.data(), std::min(max_jid_part_len, jid.local.size()));
   Stringprep_rc rc = static_cast<Stringprep_rc>(::stringprep(local, max_jid_part_len,
                      static_cast<Stringprep_profile_flags>(0), stringprep_xmpp_nodeprep));
   if (rc != STRINGPREP_OK)
@@ -57,7 +57,7 @@ std::string jidprep(const std::string& original)
   }
 
   char domain[max_jid_part_len] = {};
-  memcpy(domain, jid.domain.data(), jid.domain.size());
+  memcpy(domain, jid.domain.data(), std::min(max_jid_part_len, jid.domain.size()));
   rc = static_cast<Stringprep_rc>(::stringprep(domain, max_jid_part_len,
        static_cast<Stringprep_profile_flags>(0), stringprep_nameprep));
   if (rc != STRINGPREP_OK)
@@ -81,7 +81,7 @@ std::string jidprep(const std::string& original)
 
   // Otherwise, also process the resource part
   char resource[max_jid_part_len] = {};
-  memcpy(resource, jid.resource.data(), jid.resource.size());
+  memcpy(resource, jid.resource.data(), std::min(max_jid_part_len, jid.resource.size()));
   rc = static_cast<Stringprep_rc>(::stringprep(resource, max_jid_part_len,
        static_cast<Stringprep_profile_flags>(0), stringprep_xmpp_resourceprep));
   if (rc != STRINGPREP_OK)
-- 
cgit v1.2.3