use proper boundary checking for to_domain string

Signed-off-by: Janos SUTO <sj@acts.hu>
2025-11-04 01:12:27 +01:00 · 2018-07-12 20:16:08 +00:00
parent bb6e0578b7
commit f72a87ca60
3 changed files with 10 additions and 2 deletions
--- a/src/defs.h
+++ b/src/defs.h
@@ -207,6 +207,7 @@ struct parser_state {

   int bodylen;
   int tolen;
+   int todomainlen;
   int journaltolen;

   int retention;
--- a/src/parser.c
+++ b/src/parser.c
@@ -144,7 +144,7 @@ int parse_line(char *buf, struct parser_state *state, struct session_data *sdata
   unsigned char b64buffer[MAXBUFSIZE];
   char tmpbuf[MAXBUFSIZE];
   int n64, writelen, boundary_line=0, result;
-   unsigned int len;
+   unsigned int len, domainlen;

   if(cfg->debug == 1) printf("line: %s", buf);

@@ -170,6 +170,7 @@ int parse_line(char *buf, struct parser_state *state, struct session_data *sdata
         memset(state->b_to, 0, MAXBUFSIZE);
         state->tolen = 0;
         memset(state->b_to_domain, 0, SMALLBUFSIZE);
+         state->todomainlen = 0;

         clearhash(state->rcpt);
         clearhash(state->rcpt_domain);
@@ -721,7 +722,12 @@ int parse_line(char *buf, struct parser_state *state, struct session_data *sdata
               if(q){
                  if(findnode(state->rcpt_domain, q+1) == NULL){
                     addnode(state->rcpt_domain, q+1);
-                     memcpy(&(state->b_to_domain[strlen(state->b_to_domain)]), q+1, strlen(q+1));
+                     domainlen = strlen(q+1);
+
+                     if(state->todomainlen < SMALLBUFSIZE-domainlen-1){
+                        memcpy(&(state->b_to_domain[state->todomainlen]), q+1, domainlen);
+                        state->todomainlen += domainlen;
+                     }
                  }
               }

--- a/src/parser_utils.c
+++ b/src/parser_utils.c
@@ -96,6 +96,7 @@ void init_state(struct parser_state *state){
   memset(state->b_journal_to, 0, MAXBUFSIZE);

   state->tolen = 0;
+   state->todomainlen = 0;
   state->bodylen = 0;
   state->journaltolen = 0;