Guard against buffer overflow in moan_check_errorcopy().

diff --git a/doc/doc-txt/ChangeLog b/doc/doc-txt/ChangeLog
index fd10f7b3c5a624b0426bc6f42db5384454824ae2..6a399982720fe76df4a3d114dc52d41d19de96dc 100644 (file)
--- a/doc/doc-txt/ChangeLog
+++ b/doc/doc-txt/ChangeLog
@@ -1,4 +1,4 @@
-$Cambridge: exim/doc/doc-txt/ChangeLog,v 1.527 2007/08/23 11:01:49 ph10 Exp $
+$Cambridge: exim/doc/doc-txt/ChangeLog,v 1.528 2007/08/29 13:58:57 ph10 Exp $
 
 Change log file for Exim from version 4.21
 -------------------------------------------
@@ -97,6 +97,8 @@ PH/20 Added the "servers=" facility to MySQL and PostgreSQL lookups. (Oracle
 
 PH/21 Added message_body_newlines option.
 
+PH/22 Guard against possible overflow in moan_check_errorcopy().
+
 
 Exim version 4.67
 -----------------

diff --git a/src/src/moan.c b/src/src/moan.c
index 5ef5fe42c3049ca508d573b204d740bdc06f6e34..0080e57be5ae986138fbbe2b7ee8fa4c93fa43d2 100644 (file)
--- a/src/src/moan.c
+++ b/src/src/moan.c
@@ -1,4 +1,4 @@
-/* $Cambridge: exim/src/src/moan.c,v 1.8 2007/02/06 11:11:40 ph10 Exp $ */
+/* $Cambridge: exim/src/src/moan.c,v 1.9 2007/08/29 13:58:57 ph10 Exp $ */
 
 /*************************************************
 *     Exim - an Internet mail transport agent    *
@@ -610,10 +610,7 @@ while ((item = string_nextinlist(&listptr, &sep, buffer, sizeof(buffer)))
   if (match_address_list(recipient, TRUE, TRUE, &pattern, NULL, 0, UCHAR_MAX+1,
         NULL) == OK)
     {
-    uschar temp[256];
-    Ustrncpy(temp, localpart, llen);
-    temp[llen] = 0;
-    deliver_localpart = temp;
+    deliver_localpart = string_copyn(localpart, llen);
     deliver_domain = domain;
     yield = expand_string_copy(newaddress);
     deliver_domain = deliver_localpart = NULL;