* Exim - an Internet mail transport agent *
*************************************************/
-/* Copyright (c) University of Cambridge 1995 - 2015 */
+/* Copyright (c) University of Cambridge 1995 - 2016 */
/* See the file NOTICE for conditions of use and distribution. */
/* Functions for reading spool files. When compiling for a utility (eximon),
int index, count;
uschar name[20]; /* Need plenty of space for %d format */
tree_node *node;
- if (sscanf(CS big_buffer + 5, "%d %d", &index, &count) != 2)
+ if ( sscanf(CS big_buffer + 5, "%d %d", &index, &count) != 2
+ || index >= 20
+ )
goto SPOOL_FORMAT_ERROR;
if (index < 10)
(void) string_format(name, sizeof(name), "%c%d", 'c', index);
- else if (index < 20) /* ignore out-of-range index */
+ else
(void) string_format(name, sizeof(name), "%c%d", 'm', index - 10);
node = acl_var_create(name);
node->data.ptr = store_get(count + 1);
if (Ustrncmp(p, "rozen", 5) == 0)
{
deliver_freeze = TRUE;
- sscanf(CS big_buffer+7, TIME_T_FMT, &deliver_frozen_at);
+ if (sscanf(CS big_buffer+7, TIME_T_FMT, &deliver_frozen_at) != 1)
+ goto SPOOL_READ_ERROR;
}
break;