This repository has been archived by the owner on Feb 12, 2019. It is now read-only.

Bug2 Crash found in router #160

Open
stuartly opened this issue Nov 9, 2017 · 0 comments
stuartly commented Nov 9, 2017

I tried to fuzz router and found crashes; the debug info indicated that the crash is caused at config.c:180.

The debug info is as below:
(gdb) r -c FUZZ/afl-output/crashes/id:000004,sig:11,src:000165,op:havoc,rep:16
Starting program: /home/stly/Documents/FuzzTarget/jabberd2/router/router -c FUZZ/afl-output/crashes/id:000004,sig:11,src:000165,op:havoc,rep:16
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib/x86_64-linux-gnu/libthread_db.so.1".

Program received signal SIGSEGV, Segmentation fault.
__strncpy_sse2_unaligned ()
at ../sysdeps/x86_64/multiarch/strcpy-sse2-unaligned.S:241
241 ../sysdeps/x86_64/multiarch/strcpy-sse2-unaligned.S: No such file or directory.
(gdb) bt
#0 __strncpy_sse2_unaligned ()
at ../sysdeps/x86_64/multiarch/strcpy-sse2-unaligned.S:241
#1 0x000000000042a434 in config_load_with_id (c=,
file=, id=) at config.c:180
#2 0x6565656565656565 in ?? ()
#3 0x6565656565656565 in ?? ()
#4 0x6565656565656565 in ?? ()
#5 0x6565656565656565 in ?? ()
#6 0x6565656565656565 in ?? ()
#7 0x6565656565656565 in ?? ()
#8 0x6565656565656565 in ?? ()
#9 0x6565656565656565 in ?? ()
#10 0x6565656565656565 in ?? ()
#11 0x6565656565656565 in ?? ()
#12 0x6565656565656565 in ?? ()

Furthermore, I checked the code at config.c:180. The size of buf is 1024; in the for loop, a buffer overflow may happen if the total size of path[i]->lname is larger than 1024.

/* construct the key from the current path */
177 next = buf;
178 for(j = 1; j < len; j++)
179 {
180 strncpy(next, bd.nad->cdata + path[j]->iname, path[j]->lname);
181 next = next + path[j]->lname;
182 *next = '.';
183 next++;
184 }

Attached is the test case that triggers the crash; please check it, thanks.

id:000004,sig:11,src:000165,op:havoc,rep:16.tar.gz
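
Added example, not code from the issue or from jabberd2: the loop quoted in the report copies each path element's name into a fixed 1024-byte buf with no check against the running total, so a config element path whose names add up to more than 1024 bytes makes strncpy write past the end of buf. The 0x6565656565656565 frames in the backtrace are runs of ASCII 'e' (0x65), consistent with the saved return address on the stack having been overwritten by the copied bytes. The C below models the loop with a hypothetical cfg_path_elem struct (iname/lname mirror the two fields the loop reads), a constructed cdata block, a key_required_len helper that computes how many bytes the unbounded loop would write, and a bounded rewrite, build_key_bounded, that refuses a key that does not fit. All function and type names and the sample inputs are the example's own assumptions.

```c
#include <stdio.h>
#include <string.h>
#include <stddef.h>

#define KEY_BUF_SIZE 1024   /* same size as the buf used at config.c:180 */

/* Hypothetical stand-in for the path element fields read by the loop on the
 * page: iname is an offset into the element-name (cdata) block, lname is the
 * length of that name. Not the project's real struct. */
typedef struct {
    size_t iname;
    size_t lname;
} cfg_path_elem;

/* Bytes the unbounded loop on the page writes for a given path: each name
 * plus one '.' separator, starting at path[1] exactly as the loop does. A
 * value above KEY_BUF_SIZE means strncpy writes past the end of buf. */
static size_t key_required_len(const cfg_path_elem *path, int len)
{
    size_t need = 0;
    for (int j = 1; j < len; j++)
        need += path[j].lname + 1;
    return need;
}

/* Bounded rewrite: builds "name1.name2.name3" into buf and returns 0, or
 * returns -1 if the key plus its terminating NUL would not fit in bufsz
 * (names copied before the refusal are left in buf). */
static int build_key_bounded(char *buf, size_t bufsz, const char *cdata,
                             const cfg_path_elem *path, int len)
{
    char *next = buf;
    size_t remaining = bufsz;

    if (bufsz == 0)
        return -1;
    for (int j = 1; j < len; j++) {
        /* room for the name, its '.' and a NUL terminator after it */
        if (path[j].lname + 2 > remaining)
            return -1;
        memcpy(next, cdata + path[j].iname, path[j].lname);
        next += path[j].lname;
        *next++ = '.';
        remaining -= path[j].lname + 1;
    }
    /* drop the trailing '.' (example's choice; the page does not show what
     * follows the loop) and terminate */
    if (next > buf)
        next--;
    *next = '\0';
    return 0;
}

/* Demo 1: a realistic short path <config><router><local><id>; the constructed
 * cdata holds the four names back to back. Expect "router.local.id". */
static const char *demo_short_key(void)
{
    static char buf[KEY_BUF_SIZE];
    const char *cdata = "configrouterlocalid";
    const cfg_path_elem path[] = { {0, 6}, {6, 6}, {12, 5}, {17, 2} };

    if (build_key_bounded(buf, sizeof buf, cdata, path, 4) != 0)
        return NULL;
    return buf;
}

/* Constructed fuzzer-style input: names totalling more than 1024 bytes, all
 * 'e' (0x65), the byte the corrupted return addresses in the backtrace are
 * made of. path[0] is the root element, which the loop skips. */
static const cfg_path_elem long_path[] = { {0, 0}, {0, 1020}, {1020, 10} };
static const int long_path_len = 3;

/* Demo 2a: how far the unbounded loop on the page would write for that path. */
static size_t demo_long_path_bytes(void)
{
    return key_required_len(long_path, long_path_len);   /* 1032 > 1024 */
}

/* Demo 2b: the bounded version refuses the same path instead of overrunning. */
static int demo_long_path_rejected(void)
{
    static char cdata[2048];
    char buf[KEY_BUF_SIZE];

    memset(cdata, 'e', sizeof cdata);
    return build_key_bounded(buf, sizeof buf, cdata, long_path, long_path_len);
}

int main(void)
{
    printf("short key: %s\n", demo_short_key());
    printf("long path needs %zu bytes, buf is %d\n",
           demo_long_path_bytes(), KEY_BUF_SIZE);
    printf("bounded build of long path: %d (-1 = rejected)\n",
           demo_long_path_rejected());
    return 0;
}
```

The bounded version uses memcpy rather than strncpy because the source is an exact lname-byte slice of cdata: with that length strncpy behaves the same when the slice contains no NUL, but would NUL-pad to lname if it did, which hides nothing here and only obscures the intent. The check `lname + 2 > remaining` reserves space for the name, its separator and a terminator on every iteration, so the total can never exceed bufsz no matter how many elements or how long the names the fuzzer produces.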
