SECURITY: fix Qualys CVE-2020-PFPSN

[exim.git] / src / src / parse.c

diff --git a/src/src/parse.c b/src/src/parse.c
index 18a6df1987ba4d7457f7a2f41d978e4f057cdd50..7dfb9a7eb5f0e69774bcad94c7b4df4913251da0 100644 (file)
--- a/src/src/parse.c
+++ b/src/src/parse.c
@@ -1129,9 +1129,17 @@ while (s < end)
             {
             if (ss >= end) ss--;
             *t++ = '(';
-            Ustrncpy(t, s, ss-s);
-            t += ss-s;
-            s = ss;
+            if (ss < s)
+              {
+              /* Someone has ended the string with "<punct>(". */
+              ss = s;
+              }
+            else
+              {
+              Ustrncpy(t, s, ss-s);
+              t += ss-s;
+              s = ss;
+              }
             }
           }