silc_utf8_strncasecmp reads outside of buffer

Ray Lai ray at cyth.net
Tue Aug 29 22:01:01 CEST 2006


silc_utf8_strncasecmp does a strlen(3) on strings with no regard to the
length even though it is given one.  silc_client_nickname_format()
passes non-NUL-terminated strings to silc_utf8_strncasecmp().  This
leads to an overread and can crash silc.

This should fix the bug reported in:

http://lists.silcnet.org/pipermail/silc-devel/2005-November/001730.html
http://lists.silcnet.org/pipermail/silc-devel/2005-November/001731.html

-Ray-

--- silcutf8.c.orig	Sun Apr  3 08:27:33 2005
+++ silcutf8.c	Tue Aug 29 15:40:51 2006
@@ -565,15 +565,19 @@ bool silc_utf8_strncasecmp(const char *s
   if (s1 == s2)
     return TRUE;
 
+  s1u = memchr(s1, '\0', n);
+  s1u_len = (s1u == NULL) ? n : (s1u - (unsigned char *)s1);
   /* Casefold and normalize */
-  status = silc_stringprep(s1, strlen(s1), SILC_STRING_UTF8,
+  status = silc_stringprep(s1, s1u_len, SILC_STRING_UTF8,
 			   SILC_IDENTIFIERC_PREP, 0, &s1u,
 			   &s1u_len, SILC_STRING_UTF8);
   if (status != SILC_STRINGPREP_OK)
     return FALSE;
 
+  s2u = memchr(s2, '\0', n);
+  s2u_len = (s2u == NULL) ? n : (s2u - (unsigned char *)s2);
   /* Casefold and normalize */
-  status = silc_stringprep(s2, strlen(s2), SILC_STRING_UTF8,
+  status = silc_stringprep(s2, s2u_len, SILC_STRING_UTF8,
 			   SILC_IDENTIFIERC_PREP, 0, &s2u,
 			   &s2u_len, SILC_STRING_UTF8);
   if (status != SILC_STRINGPREP_OK)
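Review bot: reusing `s1u` and `s2u`, the output pointers that `silc_stringprep()` fills through `&s1u` / `&s2u`, as scratch variables for the `memchr()` result (and `s1u_len` / `s2u_len` as both input and output length) is correct but easy to misread; a dedicated local such as `const char *nul = memchr(s1, '\0', n);` plus a one-line comment saying that `n` is a byte bound and the input may be unterminated would make the intent clear. Note also that `memchr()` itself reads up to `n` bytes, so the fix holds only under the usual strncasecmp contract that both buffers are at least `n` bytes readable.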


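As an added illustration of the defect described in the mail (not code from the SILC project or from this patch): a bounded-length helper that computes what the patch computes with memchr(3), and an ASCII-only case-insensitive comparison built on it. The function names, the ASCII-only folding (SILC additionally runs stringprep casefolding) and the constructed 4-byte unterminated buffer are assumptions of this example.

```c
#include <stddef.h>
#include <string.h>
#include <ctype.h>
#include <stdio.h>

/* Length of the string at s bounded by n bytes: the offset of the first
 * NUL if one lies within the first n bytes, otherwise n. Unlike strlen(),
 * it never touches s[n] or beyond, so an unterminated n-byte buffer is
 * safe to pass. (Example helper, not SILC's silc_utf8_strncasecmp.) */
size_t bounded_nul_len(const char *s, size_t n)
{
    const char *nul = memchr(s, '\0', n);
    return nul ? (size_t)(nul - s) : n;
}

/* Compare at most n bytes of s1 and s2 case-insensitively (ASCII folding
 * only). Returns 1 when the bounded strings are equal, 0 otherwise. */
int bounded_strncaseeq(const char *s1, const char *s2, size_t n)
{
    size_t l1 = bounded_nul_len(s1, n);
    size_t l2 = bounded_nul_len(s2, n);
    size_t i;

    if (l1 != l2)
        return 0;
    for (i = 0; i < l1; i++)
        if (tolower((unsigned char)s1[i]) != tolower((unsigned char)s2[i]))
            return 0;
    return 1;
}

/* Constructed input: a 4-byte nickname fragment with no terminating NUL,
 * the shape of buffer the mail says silc_client_nickname_format() passes.
 * strlen() on this buffer would read past its end; the bounded helper
 * stops at 4. */
size_t demo_unterminated(void)
{
    char frag[4] = { 'n', 'i', 'c', 'k' };   /* no NUL anywhere */
    return bounded_nul_len(frag, sizeof frag);
}

int main(void)
{
    printf("bounded length of unterminated 4-byte buffer: %zu\n",
           demo_unterminated());
    printf("\"NickName\" vs \"nickname_x\" (n=8): %d\n",
           bounded_strncaseeq("NickName", "nickname_x", 8));
    printf("\"nick\" vs \"nic\" (n=4): %d\n",
           bounded_strncaseeq("nick", "nic", 4));
    return 0;
}
```

The comparison deliberately treats differing bounded lengths as unequal, which is what distinguishes a prefix ("nic") from the full fragment ("nick") within the same bound.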