commit - 0eb7ad58d02221b5abb79830176fb5b01e789e1e
commit + 87ce4379e8c6a158709456c218ecfba35b4fdef5
blob - d53ef7fb6e36b0006b753b3b904f9f5c01bbcf09
blob + 77d2d085802e4d74401cd3e98e011f82bca32abb
--- ChangeLog
+++ ChangeLog
@@ -12,6 +12,8 @@
 
 ngircd 0.8.x (CVS)
 
+  - Fixed a possible buffer underrun when reading the MOTD file. Thanks
+    to Florian Westphal, <westphal@foo.fh-furtwangen.de>.
   - Fixed detection of IRC lines which are too long to send. Detected by
     Florian Westphal, <westphal@foo.fh-furtwangen.de>.
   - Fixed return values of our own implementation of strlcpy(). The code has
@@ -549,4 +551,4 @@ ngIRCd 0.0.1, 31.12.2001
 
 
 -- 
-$Id: ChangeLog,v 1.233.2.13 2005/01/19 23:35:42 alex Exp $
+$Id: ChangeLog,v 1.233.2.14 2005/01/24 14:22:30 alex Exp $
blob - 7270c01420832ff7d5c01577f57261adf478d407
blob + 8429b76d6ea1509769058c01e22963ae04cdccd3
--- src/ngircd/irc-info.c
+++ src/ngircd/irc-info.c
@@ -14,7 +14,7 @@
 
 #include "portab.h"
 
-static char UNUSED id[] = "$Id: irc-info.c,v 1.21.2.1 2004/05/07 11:24:18 alex Exp $";
+static char UNUSED id[] = "$Id: irc-info.c,v 1.21.2.2 2005/01/24 14:22:30 alex Exp $";
 
 #include "imp.h"
 #include <assert.h>
@@ -770,6 +770,7 @@ IRC_Show_MOTD( CLIENT *Client )
 	BOOLEAN ok;
 	CHAR line[127];
 	FILE *fd;
+	UINT line_len;
 
 	assert( Client != NULL );
 
@@ -790,8 +791,12 @@ IRC_Show_MOTD( CLIENT *Client )
 	if( ! IRC_WriteStrClient( Client, RPL_MOTDSTART_MSG, Client_ID( Client ), Client_ID( Client_ThisServer( )))) return DISCONNECTED;
 	while( TRUE )
 	{
-		if( ! fgets( line, 126, fd )) break;
-		if( line[strlen( line ) - 1] == '\n' ) line[strlen( line ) - 1] = '\0';
+		if( ! fgets( line, sizeof( line ), fd )) break;
+
+		line_len = strlen( line );
+		if( line_len > 0 ) line_len--;
+		if( line[line_len] == '\n' ) line[line_len] = '\0';
+
 		if( ! IRC_WriteStrClient( Client, RPL_MOTD_MSG, Client_ID( Client ), line ))
 		{
 			fclose( fd );