Commit 61860388 authored by rswindell's avatar rswindell
Browse files

Fix potential buffer overrun in mime_getattachment() when the MIME

'content-disposition' filename parameter is not terminated with a double-
quote or semi-colon character.
parent 9eaf77be
......@@ -309,6 +309,8 @@ static BOOL mime_getattachment(char* beg, char* end, char* attachment)
term = filename;
FIND_WHITESPACE(term);
}
if(term - filename >= sizeof(fname))
term = filename + sizeof(fname) - 1;
memcpy(fname, filename, term - filename);
fname[term - filename] = 0;
strcpy(attachment, getfname(fname));
......
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment