JH/39 Bug 3023: Fix crash induced by some combinations of zero-length strings
and ${tr...}. Found and diagnosed by Heiko Schlichting.
+JH/40 Bug 2999: Fix a possible OOB write in the external authenticator, which
+ could be triggered by externally-supplied input. Found by Trend Micro.
+
Exim version 4.96
-----------------
if (ob->server_param2)
{
uschar * s = expand_string(ob->server_param2);
- auth_vars[expand_nmax] = s;
+ auth_vars[expand_nmax = 1] = s;
expand_nstring[++expand_nmax] = s;
expand_nlength[expand_nmax] = Ustrlen(s);
if (ob->server_param3)