From 294452cd43f2d02058e51ab623b622cf9ae5feb0 Mon Sep 17 00:00:00 2001
From: Klaus Schmidinger <vdr@tvdr.de>
Date: Mon, 6 May 2019 12:03:59 +0200
Subject: [PATCH] Fixed a compiler warning and a possible buffer overflow in
 cCiMMI::SendAnswer()

---
 HISTORY |  1 +
 ci.c    | 11 +++++++----
 2 files changed, 8 insertions(+), 4 deletions(-)

diff --git a/HISTORY b/HISTORY
index de875b27..91e84e4b 100644
--- a/HISTORY
+++ b/HISTORY
@@ -9398,3 +9398,4 @@ Video Disk Recorder Revision History
 - Fixed updating the checksum in the CA table after mapping EMM PIDs for MTD (thanks to
   Helmut Binder).
 - Fixed a compiler warning in ExchangeChars() (thanks to Helmut Binder).
+- Fixed a compiler warning and a possible buffer overflow in cCiMMI::SendAnswer().
diff --git a/ci.c b/ci.c
index 88194986..8c4d7c6b 100644
--- a/ci.c
+++ b/ci.c
@@ -4,7 +4,7 @@
  * See the main source file 'vdr.c' for copyright information and
  * how to reach the author.
  *
- * $Id: ci.c 4.24 2019/05/05 14:15:56 kls Exp $
+ * $Id: ci.c 4.25 2019/05/06 11:47:42 kls Exp $
  */
 
 #include "ci.h"
@@ -1591,9 +1591,12 @@ bool cCiMMI::SendAnswer(const char *Text)
   struct tAnswer { uint8_t id; char text[256]; };//XXX
   tAnswer answer;
   answer.id = Text ? AI_ANSWER : AI_CANCEL;
-  if (Text)
-     strncpy(answer.text, Text, sizeof(answer.text));
-  SendData(AOT_ANSW, Text ? strlen(Text) + 1 : 1, (uint8_t *)&answer);
+  int len = 0;
+  if (Text) {
+     len = min(sizeof(answer.text), strlen(Text));
+     memcpy(answer.text, Text, len);
+     }
+  SendData(AOT_ANSW, len + 1, (uint8_t *)&answer);
   return true;
 }