diff options
| -rw-r--r-- | usr.sbin/smtpd/lka_session.c | 6 |
1 files changed, 5 insertions, 1 deletions
diff --git a/usr.sbin/smtpd/lka_session.c b/usr.sbin/smtpd/lka_session.c index 8a78703cbc8..0996d66e236 100644 --- a/usr.sbin/smtpd/lka_session.c +++ b/usr.sbin/smtpd/lka_session.c @@ -1,4 +1,4 @@ -/* $OpenBSD: lka_session.c,v 1.69 2015/01/20 17:37:54 deraadt Exp $ */ +/* $OpenBSD: lka_session.c,v 1.70 2015/10/02 00:29:51 gilles Exp $ */ /* * Copyright (c) 2011 Gilles Chehade <gilles@poolp.org> @@ -800,6 +800,10 @@ lka_expand_format(char *buf, size_t len, const struct envelope *ep, if (exptoklen == 0) return 0; + /* writing expanded token at ptmp will overflow tmpbuf */ + if (sizeof (tmpbuf) - (ptmp - tmpbuf) <= exptoklen) + return 0; + memcpy(ptmp, exptok, exptoklen); pbuf = ebuf + 1; ptmp += exptoklen; |