CVE-2011-3208 - fix buffer overflow in nntpd

author: Bron Gondwana <brong@opera.com> 2011-09-08 17:57:38 (GMT)
committer: Bron Gondwana <brong@opera.com> 2011-09-08 18:58:20 (GMT)
commit: 0f8f026699829b65733c3081657b24e2174f4f4d (patch) (side-by-side diff)
tree: 2035d54aeef0fbeb75cbdf176d944310a28036fe
parent: 9ed0451fd3767b687f710683fa73e14de607e7f4 (diff)
download: cyrus-imapd-0f8f026699829b65733c3081657b24e2174f4f4d.tar.gz
1 files changed, 3 insertions, 1 deletions
diff --git a/imap/nntpd.c b/imap/nntpd.c
index e184c20..d2e122d 100644
--- a/imap/nntpd.c
+++ b/imap/nntpd.c
@@ -4165,7 +4165,9 @@ static struct wildmat *split_wildmats(char *str)
 	else if (*c == '@') wild[n].not = -1;	/* absolute not (feeding) */
 	else wild[n].not = 0;
 
-	strcpy(p, wild[n].not ? c + 1 : c);
+	strncpy(p, wild[n].not ? c + 1 : c, pattern+sizeof(pattern) - p);
+	pattern[sizeof(pattern)-1] = '\0';
+
 	wild[n++].pat = xstrdup(pattern);
     } while (c != str);
     wild[n].pat = NULL;
author	Bron Gondwana <brong@opera.com>	2011-09-08 17:57:38 (GMT)
committer	Bron Gondwana <brong@opera.com>	2011-09-08 18:58:20 (GMT)
commit	0f8f026699829b65733c3081657b24e2174f4f4d (patch) (side-by-side diff)
tree	2035d54aeef0fbeb75cbdf176d944310a28036fe
parent	9ed0451fd3767b687f710683fa73e14de607e7f4 (diff)
download	cyrus-imapd-0f8f026699829b65733c3081657b24e2174f4f4d.tar.gz