Auths: fix possible OOB write in SPA authenticator. Bug 3000

[exim.git] / src / src / auths / external.c

diff --git a/src/src/auths/external.c b/src/src/auths/external.c
index d66407a9aef7b39b5e5180aebbd3ef692acf12c3..790b9815902fa8897404265fcd406d4040b1f455 100644 (file)
--- a/src/src/auths/external.c
+++ b/src/src/auths/external.c
@@ -2,7 +2,7 @@
 *     Exim - an Internet mail transport agent    *
 *************************************************/
 
-/* Copyright (c) Jeremy Harris 2019 */
+/* Copyright (c) Jeremy Harris 2019-2020 */
 /* See the file NOTICE for conditions of use and distribution. */
 
 /* This file provides an Exim authenticator driver for
@@ -103,7 +103,7 @@ if (expand_nmax == 0)       /* skip if rxd data */
 if (ob->server_param2)
   {
   uschar * s = expand_string(ob->server_param2);
-  auth_vars[expand_nmax] = s;
+  auth_vars[expand_nmax = 1] = s;
   expand_nstring[++expand_nmax] = s;
   expand_nlength[expand_nmax] = Ustrlen(s);
   if (ob->server_param3)