From 06f53854e2bf04c2130b3c2a03f28fce772eb102 Mon Sep 17 00:00:00 2001
From: Michiel Broek <mbse@mbse.eu>
Date: Wed, 16 May 2007 19:41:39 +0000
Subject: [PATCH] Fixed a buffer overflow when processing TIC files with a lot
 of garabage in it

---
 ChangeLog    | 2 ++
 mbfido/tic.c | 6 ++++--
 2 files changed, 6 insertions(+), 2 deletions(-)

diff --git a/ChangeLog b/ChangeLog
index 49eab785..a277bdfd 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -13,6 +13,8 @@ v0.91.8		26-Apr-2007
 		Added mbtask commands to update the MIB counters.
 		Fixed mbfile import with too many description lines in
 		files.bbs
+		Fixed a buffer overflow when processing TIC files with a lot
+		of garbage in it.
 
 	mbnewusr:
 		Fixed loading default language for new user.
diff --git a/mbfido/tic.c b/mbfido/tic.c
index b1e3b4c3..5a351735 100644
--- a/mbfido/tic.c
+++ b/mbfido/tic.c
@@ -375,8 +375,10 @@ int LoadTic(char *inb, char *tfn, orphans **opl)
 	     * If we didn't find a matching keyword it is a line we
 	     * will just remember and forward if there are downlinks.
 	     */
-	    if (TIC.TicIn.Unknowns < 25) {
-		strcpy(TIC.TicIn.Unknown[TIC.TicIn.Unknowns], Temp);
+	    if (strlen(Temp) > 127) {
+		Syslog('+', "Unknown too long TIC line dropped");
+	    } else if (TIC.TicIn.Unknowns < 25) {
+		strncpy(TIC.TicIn.Unknown[TIC.TicIn.Unknowns], Temp, 127);
 		TIC.TicIn.Unknowns++;
 	    }
 	}