From 9e07dd71679b93852528efb41ac51ec2423f394b Mon Sep 17 00:00:00 2001
From: Guillaume Nault <g.nault@alphalink.fr>
Date: Mon, 10 Dec 2012 13:29:18 +0100
Subject: cli, tcp: Fix non-NULL terminated string reception

NULL terminate commands received in cln_read(). This ensures that the
processing loop can safely call strchr(), or any other string handling
functions.

Signed-off-by: Guillaume Nault <g.nault@alphalink.fr>
---
 accel-pppd/cli/tcp.c | 7 ++++---
 1 file changed, 4 insertions(+), 3 deletions(-)

diff --git a/accel-pppd/cli/tcp.c b/accel-pppd/cli/tcp.c
index da28ff72..48fa01a2 100644
--- a/accel-pppd/cli/tcp.c
+++ b/accel-pppd/cli/tcp.c
@@ -144,7 +144,7 @@ static int cln_read(struct triton_md_handler_t *h)
 	char *d;
 
 	while (1) {
-		n = read(h->fd, cln->cmdline + cln->recv_pos, RECV_BUF_SIZE - cln->recv_pos);
+		n = read(h->fd, cln->cmdline + cln->recv_pos, RECV_BUF_SIZE - 1 - cln->recv_pos);
 		if (n == 0)
 			break;
 		if (n < 0) {
@@ -154,11 +154,12 @@ static int cln_read(struct triton_md_handler_t *h)
 		}
 
 		cln->recv_pos += n;
-		
+		cln->cmdline[cln->recv_pos] = '\0';
+
 		while (cln->recv_pos) {
 			d = strchr((char *)cln->cmdline, '\n');
 			if (!d) {
-				if (cln->recv_pos == RECV_BUF_SIZE) {
+				if (cln->recv_pos == RECV_BUF_SIZE - 1) {
 					log_warn("cli: tcp: recv buffer overflow\n");
 					goto drop;
 				}
-- 
cgit v1.2.3