From 51864c134f3693dc4f3452f452bb8c5845c20c2f Mon Sep 17 00:00:00 2001 From: "Todd C. Miller" Date: Sun, 19 Mar 2023 16:43:45 +0000 Subject: mda_expand_format: simplify token name extraction for %{name} It is simpler to compute the length based on the start and end pointers and pass that value to memcpy(), adding an explicit NUL terminator after copying. OK op@ --- usr.sbin/smtpd/mda_variables.c | 16 +++++++--------- 1 file changed, 7 insertions(+), 9 deletions(-) diff --git a/usr.sbin/smtpd/mda_variables.c b/usr.sbin/smtpd/mda_variables.c index 7c14d2eb551..0f2be7722c8 100644 --- a/usr.sbin/smtpd/mda_variables.c +++ b/usr.sbin/smtpd/mda_variables.c @@ -1,4 +1,4 @@ -/* $OpenBSD: mda_variables.c,v 1.8 2023/03/19 01:43:11 millert Exp $ */ +/* $OpenBSD: mda_variables.c,v 1.9 2023/03/19 16:43:44 millert Exp $ */ /* * Copyright (c) 2011-2017 Gilles Chehade @@ -243,7 +243,7 @@ mda_expand_format(char *buf, size_t len, const struct deliver *dlv, char exptok[EXPAND_BUFFER]; ssize_t exptoklen; char token[MAXTOKENLEN]; - size_t ret, tmpret; + size_t ret, tmpret, toklen; if (len < sizeof tmpbuf) { log_warnx("mda_expand_format: tmp buffer < rule buffer"); @@ -268,7 +268,6 @@ mda_expand_format(char *buf, size_t len, const struct deliver *dlv, pbuf += 2; } - /* expansion loop */ for (; *pbuf && ret < sizeof tmpbuf; ret += tmpret) { if (*pbuf == '%' && *(pbuf + 1) == '%') { @@ -285,17 +284,16 @@ mda_expand_format(char *buf, size_t len, const struct deliver *dlv, } /* %{...} otherwise fail */ - if (*(pbuf+1) != '{' || (ebuf = strchr(pbuf+1, '}')) == NULL) + if ((ebuf = strchr(pbuf+2, '}')) == NULL) return 0; /* extract token from %{token} */ - if ((size_t)(ebuf - pbuf) - 1 >= sizeof token) + toklen = ebuf - (pbuf+2); + if (toklen >= sizeof token) return 0; - memcpy(token, pbuf+2, ebuf-pbuf-1); - if (strchr(token, '}') == NULL) - return 0; - *strchr(token, '}') = '\0'; + memcpy(token, pbuf+2, toklen); + token[toklen] = '\0'; exptoklen = mda_expand_token(exptok, sizeof exptok, token, dlv, ui, mda_command); -- cgit v1.2.3