Fix string_copyn() for limit greater than actual string length

[exim.git] / src / src / functions.h

diff --git a/src/src/functions.h b/src/src/functions.h
index f0c0a3aad99418fd79bbe9b5932785801e8538db..07df8755b33f6f81da05a8c4a94bcc6a17d93294 100644 (file)
--- a/src/src/functions.h
+++ b/src/src/functions.h
@@ -2,8 +2,8 @@
 *     Exim - an Internet mail transport agent    *
 *************************************************/
 
+/* Copyright (c) The Exim Maintainers 2020 - 2022 */
 /* Copyright (c) University of Cambridge 1995 - 2018 */
-/* Copyright (c) The Exim Maintainers 2020 - 2021 */
 /* See the file NOTICE for conditions of use and distribution. */
 
 
@@ -788,7 +788,10 @@ static inline uschar *
 string_copyn_taint_trc(const uschar * s, unsigned len,
        const void * proto_mem, const char * func, int line)
 {
-uschar * ss = store_get_3(len + 1, proto_mem, func, line);
+uschar * ss;
+unsigned slen = Ustrlen(s);
+if (len > slen) len = slen;
+ss = store_get_3(len + 1, proto_mem, func, line);
 memcpy(ss, s, len);
 ss[len] = '\0';
 return ss;
@@ -1264,10 +1267,10 @@ HDEBUG(D_transport|D_acl|D_v) debug_printf_indent("  SMTP%c> %s\n",
 
 #  ifndef DISABLE_CLIENT_CMD_LOG
   {
+  int len = Ustrcspn(buf, " \n");
   int old_pool = store_pool;
   store_pool = POOL_PERM;      /* Main pool ACL allocations eg. callouts get released */
-  client_cmd_log = string_append_listele_n(client_cmd_log, ':', buf,
-                                         Ustrcspn(buf, " \n"));
+  client_cmd_log = string_append_listele_n(client_cmd_log, ':', buf, MIN(len, 8));
   if (mode == SCMD_BUFFER) 
     {
     client_cmd_log = string_catn(client_cmd_log, US"|", 1);