GitLab

Hi,

It seems that the strncpy function is used to copy the config filename
(currently at line 94 of main.c). The manual page says that this function may
not add the terminating nul byte if there's none in the source string. It seems
it's possible to pass a filename which is longer than 256 bytes with no nul, and
later on strdup is called on this filename (config.c) which may lead to
arbitrary long memory allocation and maybe other problems (security?)

adding "filename[255] = '\0';" after the initial strncpy should solve the problem.