Fix potential buffer overrun in mime_getattachment() when the MIME

'content-disposition' filename parameter is not terminated with a double- quote or semi-colon character.

Fix potential buffer overrun in mime_getattachment() when the MIME
'content-disposition' filename parameter is not terminated with a double- quote or semi-colon character.
61860388 · rswindell · 9eaf77be · 61860388
Commit 61860388 authored Aug 08, 2018 by rswindell
Hide whitespace changes
Inline Side-by-side

Showing with 2 additions and 0 deletions

src/smblib/smbtxt.c src/smblib/smbtxt.c +2 -0

No files found.
--- a/src/smblib/smbtxt.c
+++ b/src/smblib/smbtxt.c
@@ -309,6 +309,8 @@ static BOOL mime_getattachment(char* beg, char* end, char* attachment)
 			term = filename;
 			FIND_WHITESPACE(term);
 		}
+		if(term - filename >= sizeof(fname))
+			term = filename + sizeof(fname) - 1;
 		memcpy(fname, filename, term - filename);
 		fname[term - filename] = 0;
 		strcpy(attachment, getfname(fname));