From 97b1e9813e532b9065a841f2d185d632df19bf7a Mon Sep 17 00:00:00 2001
From: Holger Schemel <info@artsoft.org>
Date: Fri, 24 Sep 2021 16:07:20 +0200
Subject: [PATCH] improved robustness of client/server encoding functions

---
 src/libgame/http.c | 10 +++++++---
 1 file changed, 7 insertions(+), 3 deletions(-)

diff --git a/src/libgame/http.c b/src/libgame/http.c
index f677d71c..b494ac42 100644
--- a/src/libgame/http.c
+++ b/src/libgame/http.c
@@ -37,7 +37,9 @@ void ConvertHttpRequestBodyToServerEncoding(struct HttpRequest *request)
 {
   char *body_utf8 = getUTF8FromLatin1(request->body);
 
-  strcpy(request->body, body_utf8);
+  strncpy(request->body, body_utf8, MAX_HTTP_BODY_SIZE);
+  request->body[MAX_HTTP_BODY_SIZE] = '\0';
+
   checked_free(body_utf8);
 }
 
@@ -45,10 +47,12 @@ void ConvertHttpResponseBodyToClientEncoding(struct HttpResponse *response)
 {
   char *body_latin1 = getLatin1FromUTF8(response->body);
 
-  strcpy(response->body, body_latin1);
-  checked_free(body_latin1);
+  strncpy(response->body, body_latin1, MAX_HTTP_BODY_SIZE);
+  response->body[MAX_HTTP_BODY_SIZE] = '\0';
 
   response->body_size = strlen(response->body);
+
+  checked_free(body_latin1);
 }
 
 static void SetHttpResponseToDefaults(struct HttpResponse *response)
-- 
2.34.1