From ce9f225cdc4df2e3f2122b67e297b9f4aef1edb7 Mon Sep 17 00:00:00 2001 From: Philip Hazel Date: Wed, 29 Aug 2007 13:58:57 +0000 Subject: [PATCH] Guard against buffer overflow in moan_check_errorcopy(). --- doc/doc-txt/ChangeLog | 4 +++- src/src/moan.c | 7 ++----- 2 files changed, 5 insertions(+), 6 deletions(-) diff --git a/doc/doc-txt/ChangeLog b/doc/doc-txt/ChangeLog index fd10f7b3c..6a3999827 100644 --- a/doc/doc-txt/ChangeLog +++ b/doc/doc-txt/ChangeLog @@ -1,4 +1,4 @@ -$Cambridge: exim/doc/doc-txt/ChangeLog,v 1.527 2007/08/23 11:01:49 ph10 Exp $ +$Cambridge: exim/doc/doc-txt/ChangeLog,v 1.528 2007/08/29 13:58:57 ph10 Exp $ Change log file for Exim from version 4.21 ------------------------------------------- @@ -97,6 +97,8 @@ PH/20 Added the "servers=" facility to MySQL and PostgreSQL lookups. (Oracle PH/21 Added message_body_newlines option. +PH/22 Guard against possible overflow in moan_check_errorcopy(). + Exim version 4.67 ----------------- diff --git a/src/src/moan.c b/src/src/moan.c index 5ef5fe42c..0080e57be 100644 --- a/src/src/moan.c +++ b/src/src/moan.c @@ -1,4 +1,4 @@ -/* $Cambridge: exim/src/src/moan.c,v 1.8 2007/02/06 11:11:40 ph10 Exp $ */ +/* $Cambridge: exim/src/src/moan.c,v 1.9 2007/08/29 13:58:57 ph10 Exp $ */ /************************************************* * Exim - an Internet mail transport agent * @@ -610,10 +610,7 @@ while ((item = string_nextinlist(&listptr, &sep, buffer, sizeof(buffer))) if (match_address_list(recipient, TRUE, TRUE, &pattern, NULL, 0, UCHAR_MAX+1, NULL) == OK) { - uschar temp[256]; - Ustrncpy(temp, localpart, llen); - temp[llen] = 0; - deliver_localpart = temp; + deliver_localpart = string_copyn(localpart, llen); deliver_domain = domain; yield = expand_string_copy(newaddress); deliver_domain = deliver_localpart = NULL; -- 2.25.1