Auths: fix possible OOB write in external authenticator. Bug 2999

[exim.git] / src / src / auths / external.c

diff --git a/src/src/auths/external.c b/src/src/auths/external.c
index 10e1366a88523b94c55fd3c215329c68b8f577f4..790b9815902fa8897404265fcd406d4040b1f455 100644 (file)
--- a/src/src/auths/external.c
+++ b/src/src/auths/external.c
@@ -2,7 +2,7 @@
 *     Exim - an Internet mail transport agent    *
 *************************************************/
 
-/* Copyright (c) Jeremy Harris 2019 */
+/* Copyright (c) Jeremy Harris 2019-2020 */
 /* See the file NOTICE for conditions of use and distribution. */
 
 /* This file provides an Exim authenticator driver for
@@ -17,12 +17,9 @@ method defined in RFC 4422 Appendix A.
 /* Options specific to the external authentication mechanism. */
 
 optionlist auth_external_options[] = {
-  { "client_send",     opt_stringptr,
-      (void *)(offsetof(auth_external_options_block, client_send)) },
-  { "server_param2",   opt_stringptr,
-      (void *)(offsetof(auth_external_options_block, server_param2)) },
-  { "server_param3",       opt_stringptr,
-      (void *)(offsetof(auth_external_options_block, server_param3)) },
+  { "client_send",     opt_stringptr, OPT_OFF(auth_external_options_block, client_send) },
+  { "server_param2",   opt_stringptr, OPT_OFF(auth_external_options_block, server_param2) },
+  { "server_param3",   opt_stringptr, OPT_OFF(auth_external_options_block, server_param3) },
 };
 
 /* Size of the options list. An extern variable has to be used so that its
@@ -106,7 +103,7 @@ if (expand_nmax == 0)       /* skip if rxd data */
 if (ob->server_param2)
   {
   uschar * s = expand_string(ob->server_param2);
-  auth_vars[expand_nmax] = s;
+  auth_vars[expand_nmax = 1] = s;
   expand_nstring[++expand_nmax] = s;
   expand_nlength[expand_nmax] = Ustrlen(s);
   if (ob->server_param3)