fix: heap buffer overflow in acmp pm

[airween]

what

This PR fixes a possible heap buffer overflow in ACMP (Aho Corasick) pattern matching function.

why

There is a bug report, received in email from @fumfel and his team. Also they provided this fix.

references

The original report:

Root Cause
----------

The function acmp_add_pattern() receives a pattern and its length as
separate parameters: (const char *pattern, size_t length). However, the
code uses strlen(pattern) instead of length to determine buffer sizes.

When pattern contains embedded null bytes (which is valid -- the length
parameter accounts for them), strlen() returns the offset of the first
null byte, which is shorter than the actual length. The buffer allocated
is too small, and subsequent operations (the for loop copying text, and
strcpy copying pattern) write past the end of the heap allocation.

other notes

The bug can only be exploited if the admin puts a \0 character into an argument of any @pm (or similar) operator.

[Copilot]

Pull request overview

This PR fixes a potential heap buffer overflow in the ACMP (Aho–Corasick) pattern insertion path by ensuring allocations and copies use the provided pattern length (not strlen()), which correctly supports patterns containing embedded NUL bytes.

Changes:

• Replace strlen(pattern)-based allocations with length-based allocations in acmp_add_pattern.
• Replace strcpy with memcpy and add explicit NUL-termination to avoid overruns with embedded NULs.

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

[sonarqubecloud]

Quality Gate passed

Issues
0 New issues
2 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud