Blob Blame Raw
This is a backport of
https://cyrus.foundation/cyrus-imapd/commit/?id=ff4e6c71d932b3e6bbfa67d76f095e27ff21bad0

The patch is mentioned in http://seclists.org/oss-sec/2015/q3/651 as fixing
potential overflows.

diff --git a/master/master.c b/master/master.c
index 3886441..455548b 100644
--- a/master/master.c
+++ b/master/master.c
@@ -197,13 +197,15 @@ void event_free(struct event *a)
     free(a);
 }
 
-void get_prog(char *path, unsigned size, char *const *cmd)
+void get_prog(char *path, size_t size, char *const *cmd)
 {
+    if (!size) return;
     if (cmd[0][0] == '/') {
-	/* master lacks strlcpy, due to no libcyrus */
-	snprintf(path, size, "%s", cmd[0]);
+        /* master lacks strlcpy, due to no libcyrus */
+        strncpy(path, cmd[0], size - 1);
     }
     else snprintf(path, size, "%s/%s", SERVICE_PATH, cmd[0]);
+    path[size-1] = '\0';
 }
 
 void get_statsock(int filedes[2])