From fbe3f145534e37b8f2d56837b80ad0371f44b587 Mon Sep 17 00:00:00 2001
From: joonicks <god@joonicks.eu>
Date: Thu, 28 May 2020 01:45:04 +0200
Subject: [PATCH] updated esay buffer overflow fix

---
 src/vars.c | 10 +++++++---
 1 file changed, 7 insertions(+), 3 deletions(-)

diff --git a/src/vars.c b/src/vars.c
index b7ab3ba..dfc6a88 100644
--- a/src/vars.c
+++ b/src/vars.c
@@ -313,7 +313,7 @@ void do_esay(COMMAND_ARGS)
 	char	c,*chp;
 	int	i,n;
 
-	ec_end = output + MSGLEN - 20;
+	ec_end = output + MSGLEN - 50;
 	ec_src = rest;
 	rest = STREND(rest);
 	ec_dest = output;
@@ -324,7 +324,9 @@ void do_esay(COMMAND_ARGS)
 	{
 		if (*ec_src != '$')
 		{
-			*(ec_dest++) = *(ec_src++);
+			if (ec_dest < ec_end)
+				*(ec_dest++) = *(ec_src);
+			ec_src++;
 			continue;
 		}
 		for(i=0;ecmd[i].len;i++)
@@ -350,7 +352,9 @@ void do_esay(COMMAND_ARGS)
 		}
 		if (!ecmd[i].len)
 		{
-			*(ec_dest++) = *(ec_src++);
+			if (ec_dest < ec_end)
+				*(ec_dest++) = *(ec_src);
+			ec_src++;
 		}
 	}
 	*ec_dest = 0;