Browse code
bb11944 - fix possible message.c OOB read.
Steven Morgan authored on 2017/11/02 05:23:23Showing 1 changed files
| ... | ... |
@@ -2328,15 +2328,16 @@ rfc2231(const char *in) |
| 2328 | 2328 |
in++; |
| 2329 | 2329 |
continue; |
| 2330 | 2330 |
} |
| 2331 |
- *p = '\0'; |
|
| 2332 | 2331 |
break; |
| 2333 | 2332 |
case '=': |
| 2334 | 2333 |
/*strcpy(p, in);*/ |
| 2335 | 2334 |
strcpy(p, "=rfc2231failure"); |
| 2335 |
+ p += strlen ("=rfc2231failure");
|
|
| 2336 | 2336 |
break; |
| 2337 | 2337 |
} |
| 2338 | 2338 |
break; |
| 2339 | 2339 |
} while(*in); |
| 2340 |
+ *p = '\0'; |
|
| 2340 | 2341 |
|
| 2341 | 2342 |
cli_dbgmsg("RFC2231 parameter continuations are not yet handled, returning \"%s\"\n",
|
| 2342 | 2343 |
ret); |