From 61860388eee32dfe1cfe8df5921bbff153ad09fd Mon Sep 17 00:00:00 2001
From: rswindell <>
Date: Wed, 8 Aug 2018 22:14:41 +0000
Subject: [PATCH] Fix potential buffer overrun in mime_getattachment() when the
 MIME 'content-disposition' filename parameter is not terminated with a
 double-quote or semi-colon character.

---
 src/smblib/smbtxt.c | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/src/smblib/smbtxt.c b/src/smblib/smbtxt.c
index 74e77c867f..3e6e0abb98 100644
--- a/src/smblib/smbtxt.c
+++ b/src/smblib/smbtxt.c
@@ -309,6 +309,8 @@ static BOOL mime_getattachment(char* beg, char* end, char* attachment)
 			term = filename;
 			FIND_WHITESPACE(term);
 		}
+		if(term - filename >= sizeof(fname))
+			term = filename + sizeof(fname) - 1;
 		memcpy(fname, filename, term - filename);
 		fname[term - filename] = 0;
 		strcpy(attachment, getfname(fname));
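Review bot: The `strcpy(attachment, getfname(fname))` on the last line of the hunk is still unbounded with respect to its destination. The new clamp limits what is copied into `fname`, but `attachment` arrives as a bare `char*` with no length, so the write is safe only if every caller's buffer holds at least `sizeof(fname)` bytes, which cannot be confirmed from this hunk. Because the filename parameter is taken from the message's MIME headers, I would either state that size requirement in a comment on the function or pass the destination size and use a bounded copy. The check `term - filename >= sizeof(fname)` also compares a signed pointer difference against a `size_t`; computing `size_t len = (size_t)(term - filename);` once and reusing it for the `memcpy` and the terminator would make the clamp easier to audit. The body of mime_getattachment starts and ends outside the hunk.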
-- 
GitLab