diff --git a/plugins/generic-sessions/protocol_generic_sessions.c b/plugins/generic-sessions/protocol_generic_sessions.c index 9e246b11..7dc31b28 100644 --- a/plugins/generic-sessions/protocol_generic_sessions.c +++ b/plugins/generic-sessions/protocol_generic_sessions.c @@ -418,7 +418,8 @@ callback_generic_sessions(struct lws *wsi, enum lws_callback_reasons reason, pss->login_session.id[0] = '\0'; pss->phs.pos = 0; - strncpy(pss->onward, (char *)in, sizeof(pss->onward)); + strncpy(pss->onward, (char *)in, sizeof(pss->onward) - 1); + pss->onward[sizeof(pss->onward) - 1] = '\0'; if (!strcmp((const char *)in, "/lwsgs-forgot")) { lwsgs_handler_forgot(vhd, wsi, pss); @@ -512,9 +513,10 @@ callback_generic_sessions(struct lws *wsi, enum lws_callback_reasons reason, sqlite3_errmsg(vhd->pdb)); break; } - strncpy(sinfo->username, u.username, sizeof(sinfo->username)); - strncpy(sinfo->email, u.email, sizeof(sinfo->email)); - strncpy(sinfo->session, sid.id, sizeof(sinfo->session)); + strncpy(sinfo->username, u.username, sizeof(sinfo->username) - 1); + sinfo->username[sizeof(sinfo->username) - 1] = '\0'; + strncpy(sinfo->email, u.email, sizeof(sinfo->email) - 1); + strncpy(sinfo->session, sid.id, sizeof(sinfo->session) - 1); sinfo->mask = lwsgs_get_auth_level(vhd, username); lws_get_peer_simple(wsi, sinfo->ip, sizeof(sinfo->ip)); }