Merge pull request #738 from ennorehling/master

BUG 2381: parse_token overrun.

src/util/parser.c

@@ -177,11 +177,15 @@ char *parse_token(const char **str, char *lbuf, size_t buflen)
                 ++ctoken;
             }
             else {
-                *cursor++ = *ctoken++;
+                if (cursor - buflen < lbuf - len) {
+                    *cursor++ = *ctoken++;
+                }
             }
         }
         else if (utf8_character == SPACE_REPLACEMENT) {
-            *cursor++ = ' ';
+            if (cursor - buflen < lbuf - len) {
+                *cursor++ = ' ';
+            }
             ++ctoken;
         }
         else if (utf8_character == ESCAPE_CHAR) {

src/util/parser.test.c

@@ -28,6 +28,15 @@ static void test_parse_token(CuTest *tc) {
     CuAssertPtrEquals(tc, NULL, (void *)tok);
 }
 
+static void test_parse_token_bug_2381(CuTest *tc) {
+    const char *stok, *s = "Bitte~wechselt~auf~die~trireme~3im9,~sobald~eine~Crew~da~ist,~geht~es~los~:)";
+    char token[64];
+
+    stok = s;
+    stok = parse_token(&stok, token, sizeof(token));
+    CuAssertTrue(tc, strlen(token) < sizeof(token));
+}
+
 static void test_parse_token_limit(CuTest *tc) {
     char lbuf[8];
     const char *tok;
@@ -117,6 +126,7 @@ CuSuite *get_parser_suite(void)
     SUITE_ADD_TEST(suite, test_atoip);
     SUITE_ADD_TEST(suite, test_skip_token);
     SUITE_ADD_TEST(suite, test_parse_token);
+    SUITE_ADD_TEST(suite, test_parse_token_bug_2381);
     SUITE_ADD_TEST(suite, test_parse_token_limit);
     SUITE_ADD_TEST(suite, test_parse_token_limit_utf8);
     SUITE_ADD_TEST(suite, test_gettoken);