A safer version of the check for gecos expansion.

[exim.git] / src / src / receive.c

diff --git a/src/src/receive.c b/src/src/receive.c
index 4d77bcd9657f17f95fce73462d40aa13bf5c633c..efd0766e77ff3ae157f4517808c05d2ddb73f9f1 100644 (file)
--- a/src/src/receive.c
+++ b/src/src/receive.c
@@ -2035,9 +2035,12 @@ for (h = header_list->next; h != NULL; h = h->next)
       from_header = h;
       if (!smtp_input)
         {
+        int len;
         uschar *s = Ustrchr(h->text, ':') + 1;
         while (isspace(*s)) s++;
-        if (strcmpic(s, originator_login) == 0)
+        len = h->slen - (s - h->text) - 1;
+        if (Ustrlen(originator_login) == len &&
+           strncmpic(s, originator_login, len) == 0)
           {
           uschar *name = is_resent? US"Resent-From" : US"From";
           header_add(htype_from, "%s: %s <%s@%s>\n", name, originator_name,