From e8fa2f666ab7334ec8973e04c967ab3efd62a5d3 Mon Sep 17 00:00:00 2001
From: Michael Jones <jonesmz@users.noreply.github.com>
Date: Mon, 27 May 2024 15:47:54 -0500
Subject: [PATCH] Avoid read-past-end of string in get_bold_admin_title (#1499)

---
 src/apps/relay/turn_admin_server.c | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/src/apps/relay/turn_admin_server.c b/src/apps/relay/turn_admin_server.c
index 8d38bdd..0411fcb 100644
--- a/src/apps/relay/turn_admin_server.c
+++ b/src/apps/relay/turn_admin_server.c
@@ -1533,11 +1533,12 @@ static ioa_socket_handle current_socket = NULL;
 
 static char *get_bold_admin_title(void) {
   static char sbat[1025];
-  strncpy(sbat, __bold_admin_title, sizeof(sbat));
+  strncpy(sbat, __bold_admin_title, sizeof(sbat) - 1);
+  sbat[sizeof(sbat) - 1] = '\0';
 
   if (current_socket && current_socket->special_session) {
     struct admin_session *as = (struct admin_session *)current_socket->special_session;
-    if (as->as_ok) {
+    if (as && as->as_ok) {
       if (as->as_login[0]) {
         char *dst = sbat + strlen(sbat);
         snprintf(dst, ADMIN_USER_MAX_LENGTH * 2 + 2, " admin user: <b><i>%s</i></b><br>\r\n", as->as_login);