
imc: reserve last char in global buffer for ending zero

Daniel-Constantin Mierla %!s(int64=5) %!d(string=hai) anos
pai
achega
702630b484
Modificáronse 1 ficheiros con 6 adicións e 5 borrados
  1. 6 5
      src/modules/imc/imc_cmd.c

+ 6 - 5
src/modules/imc/imc_cmd.c

@@ -960,7 +960,8 @@ int imc_handle_members(struct sip_msg* msg, imc_cmd_t *cmd,
 	}
 
 	p = imc_body_buf;
-	left = sizeof(imc_body_buf);
+	imc_body_buf[IMC_BUF_SIZE - 1] = '\0';
+	left = sizeof(imc_body_buf) - 1;
 
 	memcpy(p, MEMBERS, sizeof(MEMBERS) - 1);
 	p += sizeof(MEMBERS) - 1;
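Review bot: The terminator is written at index `IMC_BUF_SIZE - 1`, while the remaining space on the next line comes from `sizeof(imc_body_buf)`, so the two agree only if the array is declared with exactly that size. The declaration is outside the hunk; `imc_body_buf[sizeof(imc_body_buf) - 1] = '\0';` would keep the write tied to the real array. The last byte also ends up reserved twice, because `left` already starts one short and the guards in the later hunk (`left < 2`, `left < name->len + 1`) hold back another byte. That is safe but harder to audit, and a comment such as `/* left excludes the final byte, kept for the terminating zero */` would say which of the two is the invariant. The types of `left` and `name->len` are not visible here: if both are signed, a negative `len` would pass `left < name->len + 1` and reach `strncpy` as a very large size, so a `name->len < 0` check is worth confirming or adding.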
@@ -975,22 +976,22 @@ int imc_handle_members(struct sip_msg* msg, imc_cmd_t *cmd,
 		}
 
 		if (imp->flags & IMC_MEMBER_OWNER) {
-			if (left < 1) goto overrun;
+			if (left < 2) goto overrun;
 			*p++ = '*';
 			left--;
 		} else if (imp->flags & IMC_MEMBER_ADMIN) {
-			if (left < 1) goto overrun;
+			if (left < 2) goto overrun;
 			*p++ = '~';
 			left--;
 		}
 
 		name = format_uri(imp->uri);
-		if (left < name->len) goto overrun;
+		if (left < name->len + 1) goto overrun;
 		strncpy(p, name->s, name->len);
 		p += name->len;
 		left -= name->len;
 
-		if (left < 1) goto overrun;
+		if (left < 2) goto overrun;
 		*p++ = '\n';
 		left--;