From 588242f68e54f2503bceffaca8816707928447ec Mon Sep 17 00:00:00 2001
From: Dan Cross
Date: Mon, 15 Oct 2018 14:37:50 +0000
Subject: [PATCH] Squash use of strncat(). Replaced by strlcat(). Note that the calls to strncat() did not account for the NUL terminating byte, and for very long queries could have led to a buffer overrun.
Signed-off-by: Dan Cross
---
 src/files.c | 22 +++++++++++-----------
 1 file changed, 11 insertions(+), 11 deletions(-)
diff --git a/src/files.c b/src/files.c
index 5fa538c..bc9491e 100644
--- a/src/files.c
+++ b/src/files.c
@@ -1229,29 +1229,29 @@ void file_search() {
 searchterms[i] = str3dup("%%", searchterms[i], "%%");
 }
 if (stype == 0) {
- snprintf(sqlbuffer, 1024, "select id, filename, description, size, dlcount, uploaddate from files where approved=1 AND (filename LIKE ?");
+ snprintf(sqlbuffer, sizeof sqlbuffer, "select id, filename, description, size, dlcount, uploaddate from files where approved=1 AND (filename LIKE ?");
 for (i = 1; i < searchterm_count; i++) {
- strncat(sqlbuffer, " OR filename LIKE ?", 1024);
+ strlcat(sqlbuffer, " OR filename LIKE ?", sizeof sqlbuffer);
 }
- strncat(sqlbuffer, ")", 1024);
+ strlcat(sqlbuffer, ")", sizeof sqlbuffer);
 }
 if (stype == 1) {
- snprintf(sqlbuffer, 1024, "select id, filename, description, size, dlcount, uploaddate from files where approved=1 AND (description LIKE ?");
+ snprintf(sqlbuffer, sizeof sqlbuffer, "select id, filename, description, size, dlcount, uploaddate from files where approved=1 AND (description LIKE ?");
 for (i = 1; i < searchterm_count; i++) {
- strncat(sqlbuffer, " OR description LIKE ?", 1024);
+ strlcat(sqlbuffer, " OR description LIKE ?", sizeof sqlbuffer);
 }
- strncat(sqlbuffer, ")", 1024);
+ strlcat(sqlbuffer, ")", sizeof sqlbuffer);
 }
 if (stype == 2) {
- snprintf(sqlbuffer, 1024, "select id, filename, description, size, dlcount, uploaddate from files where approved=1 AND (filename LIKE ?");
+ snprintf(sqlbuffer, sizeof sqlbuffer, "select id, filename, description, size, dlcount, uploaddate from files where approved=1 AND (filename LIKE ?");
 for (i = 1; i < searchterm_count; i++) {
- strncat(sqlbuffer, " OR filename LIKE ?", 1024);
+ strlcat(sqlbuffer, " OR filename LIKE ?", sizeof sqlbuffer);
 }
- strncat(sqlbuffer, " OR description LIKE ?", 1024);
+ strlcat(sqlbuffer, " OR description LIKE ?", sizeof sqlbuffer);
 for (i = 1; i < searchterm_count; i++) {
- strncat(sqlbuffer, " OR description LIKE ?", 1024);
+ strlcat(sqlbuffer, " OR description LIKE ?", sizeof sqlbuffer);
 }
- strncat(sqlbuffer, ")", 1024);
+ strlcat(sqlbuffer, ")", sizeof sqlbuffer);
 }
 if (!all) {
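Review bot: None of the new `strlcat()` calls in the three `stype` branches checks its return value, so a search with many terms is now silently truncated instead of overrunning `sqlbuffer`. The resulting SQL text can be cut mid-clause or carry fewer `?` placeholders than there are search terms. `strlcat()` returns the length it tried to create, so the final append in each branch can detect this, e.g. `if (strlcat(sqlbuffer, ")", sizeof sqlbuffer) >= sizeof sqlbuffer) { /* reject the search */ }`, or `searchterm_count` can be capped before the query is built. `sizeof sqlbuffer` is the buffer size only if `sqlbuffer` is declared as an array in this function. Its declaration and the prepare/bind code are outside the hunk, so both should be confirmed there.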