Fix potential buffer overrun in mime_getattachment() when the MIME

'content-disposition' filename parameter is not terminated with a double- quote or semi-colon character.

Fix potential buffer overrun in mime_getattachment() when the MIME
61860388 · rswindell · 9eaf77be · 61860388
Commit 61860388 authored 6 years ago by rswindell
--- a/src/smblib/smbtxt.c
+++ b/src/smblib/smbtxt.c
@@ -309,6 +309,8 @@ static BOOL mime_getattachment(char* beg, char* end, char* attachment)
 			term = filename;
 			FIND_WHITESPACE(term);
 		}
+		if(term - filename >= sizeof(fname))
+			term = filename + sizeof(fname) - 1;
 		memcpy(fname, filename, term - filename);
 		fname[term - filename] = 0;
 		strcpy(attachment, getfname(fname));