From 61860388eee32dfe1cfe8df5921bbff153ad09fd Mon Sep 17 00:00:00 2001
From: rswindell <>
Date: Wed, 8 Aug 2018 22:14:41 +0000
Subject: [PATCH] Fix potential buffer overrun in mime_getattachment() when the MIME 'content-disposition' filename parameter is not terminated with a double- quote or semi-colon character.
---
 src/smblib/smbtxt.c | 2 ++
 1 file changed, 2 insertions(+)
diff --git a/src/smblib/smbtxt.c b/src/smblib/smbtxt.c
index 74e77c867f..3e6e0abb98 100644
--- a/src/smblib/smbtxt.c
+++ b/src/smblib/smbtxt.c
@@ -309,6 +309,8 @@ static BOOL mime_getattachment(char* beg, char* end, char* attachment)
 term = filename;
 FIND_WHITESPACE(term);
 }
+ if(term - filename >= sizeof(fname))
+ term = filename + sizeof(fname) - 1;
 memcpy(fname, filename, term - filename);
 fname[term - filename] = 0;
 strcpy(attachment, getfname(fname));
-- GitLab
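Review bot: The added clamp bounds the `memcpy` into `fname`, but the `strcpy(attachment, getfname(fname))` on the last context line still writes into a caller-supplied buffer whose size this function never receives. That copy is safe only if every caller passes at least `sizeof(fname)` bytes, which this hunk does not show; confirm it, or pass a size in and use a bounded copy. The test `term - filename >= sizeof(fname)` also compares a signed pointer difference with a `size_t`, so computing `size_t len = (size_t)(term - filename);` once and reusing it in the `memcpy` and the terminator would make the intended bound explicit. An over-long name is now truncated silently, which can change the extension later code sees, so either document it with `/* over-long filename is truncated to fit fname[] */` or reject the part instead. The body of mime_getattachment() starts and ends outside the hunk.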