Lookups: fix dbmnz crash on zero-length datum. Bug 3079

[exim.git] / src / src / lookups / dbmdb.c

diff --git a/src/src/lookups/dbmdb.c b/src/src/lookups/dbmdb.c
index 95f31bc160a4a2a02097b6530b90b211901a1c38..96665b6e4e68d7204b29db0e1fb16409a1b8623a 100644 (file)
--- a/src/src/lookups/dbmdb.c
+++ b/src/src/lookups/dbmdb.c
@@ -2,9 +2,10 @@
 *     Exim - an Internet mail transport agent    *
 *************************************************/
 
+/* Copyright (c) The Exim Maintainers 2020 - 2022 */
 /* Copyright (c) University of Cambridge 1995 - 2018 */
-/* Copyright (c) The Exim Maintainers 2020 - 2021 */
 /* See the file NOTICE for conditions of use and distribution. */
+/* SPDX-License-Identifier: GPL-2.0-or-later */
 
 #include "../exim.h"
 #include "lf_functions.h"
@@ -94,12 +95,15 @@ EXIM_DATUM key, data;
 
 exim_datum_init(&key);               /* Some DBM libraries require datums to */
 exim_datum_init(&data);              /* be cleared before use. */
-exim_datum_data_set(&key, string_copyn(keystring, length));
-exim_datum_size_set(&key, length + 1);
+length++;
+exim_datum_data_set(&key,
+  memcpy(store_get(length, keystring), keystring, length)); /* key can have embedded NUL */
+exim_datum_size_set(&key, length);
 
 if (exim_dbget(d, &key, &data))
   {
-  *result = string_copyn(exim_datum_data_get(&data), exim_datum_size_get(&data));
+  unsigned len = exim_datum_size_get(&data);
+  *result = len > 0 ? string_copyn(exim_datum_data_get(&data), len) : US"";
   exim_datum_free(&data);            /* Some DBM libraries need a free() call */
   return OK;
   }
@@ -280,3 +284,5 @@ static lookup_info *_lookup_list[] = { &dbm_lookup_info, &dbmz_lookup_info, &dbm
 lookup_module_info dbmdb_lookup_module_info = { LOOKUP_MODULE_INFO_MAGIC, _lookup_list, 3 };
 
 /* End of lookups/dbmdb.c */
+/* vi: aw ai sw=2
+*/