squark-filter, squark-auth-ip: avoid overflow of login_name buffer

1 files changed, 3 insertions, 1 deletions

diff --git a/src/squark-filter.c b/src/squark-filter.c
index b938355..827540e 100644
--- a/src/squark-filter.c
+++ b/src/squark-filter.c
@@ -434,11 +434,13 @@ static void read_input(struct sqdb *db)
 			} else {
 				if (authdb_check_login(token, &entry, username, now, &adbc)) {
 					auth_ok = 1;
-					username = BLOB_STRLEN(entry.p.login_name);
+					username = BLOB_CHAR_ARRAY(entry.p.login_name);
 				} else if ((!adbc.require_auth) ||
 					   (!blob_is_null(username) && blob_cmp(username, dash) != 0)) {
 					auth_ok = 1;
 					authdb_clear_entry(&entry);
+					if (username.len > sizeof(entry.p.login_name))
+						username.len = sizeof(entry.p.login_name); /* avoid buffer overflow */
 					memcpy(entry.p.login_name, username.ptr, username.len);
 					authdb_commit_login(token, &entry, now, &adbc);
 				} else {