bugfix: some slightly invalid memory accesses

3 files changed, 16 insertions, 3 deletions

diff --git a/ChangeLog b/ChangeLog
index 9f955eea..c96cb874 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -7,6 +7,7 @@ Version 3.12.4 (rgerhards), 2008-03-??
 - bugfix: potential segfault on module unload. Thanks to varmojfekoj for
   the patch
 - bugfix: fixed some minor memory leaks
+- bugfix: some slightly invalid memory accesses
 ---------------------------------------------------------------------------
 Version 3.12.3 (rgerhards), 2008-03-18
 - added advanced flow control for congestion cases (mode depending on message
diff --git a/cfsysline.c b/cfsysline.c
index 8f0439ed..1fd03a46 100644
--- a/cfsysline.c
+++ b/cfsysline.c
@@ -456,7 +456,7 @@ getWord(uchar **pp, cstr_t **ppStrB)
 
 	ASSERT(pp != NULL);
 	ASSERT(*pp != NULL);
-	ASSERT(*ppStrB != NULL);
+	ASSERT(ppStrB != NULL);
 
 	CHKiRet(rsCStrConstruct(ppStrB));
 
diff --git a/conf.c b/conf.c
index 49bce213..f88216ef 100644
--- a/conf.c
+++ b/conf.c
@@ -375,6 +375,7 @@ processConfFile(uchar *pConfFile)
 	uchar *p;
 	uchar cbuf[BUFSIZ];
 	uchar *cline;
+	int i;
 	ASSERT(pConfFile != NULL);
 
 	if((cf = fopen((char*)pConfFile, "r")) == NULL) {
@@ -398,8 +399,19 @@ processConfFile(uchar *pConfFile)
 		if (*p == '\0' || *p == '#')
 			continue;
 
-		strcpy((char*)cline, (char*)p);
-		for (p = (uchar*) strchr((char*)cline, '\0'); isspace((int) *--p););
+		/* we now need to copy the characters to the begin of line. As this overlaps,
+		 * we can not use strcpy(). -- rgerhards, 2008-03-20
+		 * TODO: review the code at whole - this is highly suspect (but will go away
+		 * once we do the rest of RainerScript).
+		 */
+		/* was: strcpy((char*)cline, (char*)p); */
+		for( i = 0 ; p[i] != '\0' ; ++i) {
+			cline[i] = p[i];
+		}
+		cline[i] = '\0';
+
+		for (p = (uchar*) strchr((char*)cline, '\0'); isspace((int) *--p);)
+			/*EMPTY*/;
 		if (*p == '\\') {
 			if ((p - cbuf) > BUFSIZ - 30) {
 				/* Oops the buffer is full - what now? */