git://git.exim.org
/
exim.git
/ blobdiff
commit
grep
author
committer
pickaxe
?
search:
re
summary
|
shortlog
|
log
|
commit
|
commitdiff
|
tree
raw
|
inline
| side by side
Fix string_copyn() for limit greater than actual string length
[exim.git]
/
src
/
src
/
functions.h
diff --git
a/src/src/functions.h
b/src/src/functions.h
index f0c0a3aad99418fd79bbe9b5932785801e8538db..07df8755b33f6f81da05a8c4a94bcc6a17d93294 100644
(file)
--- a/
src/src/functions.h
+++ b/
src/src/functions.h
@@
-2,8
+2,8
@@
* Exim - an Internet mail transport agent *
*************************************************/
* Exim - an Internet mail transport agent *
*************************************************/
+/* Copyright (c) The Exim Maintainers 2020 - 2022 */
/* Copyright (c) University of Cambridge 1995 - 2018 */
/* Copyright (c) University of Cambridge 1995 - 2018 */
-/* Copyright (c) The Exim Maintainers 2020 - 2021 */
/* See the file NOTICE for conditions of use and distribution. */
/* See the file NOTICE for conditions of use and distribution. */
@@
-788,7
+788,10
@@
static inline uschar *
string_copyn_taint_trc(const uschar * s, unsigned len,
const void * proto_mem, const char * func, int line)
{
string_copyn_taint_trc(const uschar * s, unsigned len,
const void * proto_mem, const char * func, int line)
{
-uschar * ss = store_get_3(len + 1, proto_mem, func, line);
+uschar * ss;
+unsigned slen = Ustrlen(s);
+if (len > slen) len = slen;
+ss = store_get_3(len + 1, proto_mem, func, line);
memcpy(ss, s, len);
ss[len] = '\0';
return ss;
memcpy(ss, s, len);
ss[len] = '\0';
return ss;
@@
-1264,10
+1267,10
@@
HDEBUG(D_transport|D_acl|D_v) debug_printf_indent(" SMTP%c> %s\n",
# ifndef DISABLE_CLIENT_CMD_LOG
{
# ifndef DISABLE_CLIENT_CMD_LOG
{
+ int len = Ustrcspn(buf, " \n");
int old_pool = store_pool;
store_pool = POOL_PERM; /* Main pool ACL allocations eg. callouts get released */
int old_pool = store_pool;
store_pool = POOL_PERM; /* Main pool ACL allocations eg. callouts get released */
- client_cmd_log = string_append_listele_n(client_cmd_log, ':', buf,
- Ustrcspn(buf, " \n"));
+ client_cmd_log = string_append_listele_n(client_cmd_log, ':', buf, MIN(len, 8));
if (mode == SCMD_BUFFER)
{
client_cmd_log = string_catn(client_cmd_log, US"|", 1);
if (mode == SCMD_BUFFER)
{
client_cmd_log = string_catn(client_cmd_log, US"|", 1);