summaryrefslogtreecommitdiffabout
diff options
context:
space:
mode:
authorBron Gondwana <brong@opera.com>2011-09-08 17:57:38 (GMT)
committer Bron Gondwana <brong@opera.com>2011-09-08 18:58:20 (GMT)
commit0f8f026699829b65733c3081657b24e2174f4f4d (patch)
tree2035d54aeef0fbeb75cbdf176d944310a28036fe
parent9ed0451fd3767b687f710683fa73e14de607e7f4 (diff)
downloadcyrus-imapd-0f8f026699829b65733c3081657b24e2174f4f4d.tar.gz
CVE-2011-3208 - fix buffer overflow in nntpd
-rw-r--r--imap/nntpd.c4
1 files changed, 3 insertions, 1 deletions
diff --git a/imap/nntpd.c b/imap/nntpd.c
index e184c20..d2e122d 100644
--- a/imap/nntpd.c
+++ b/imap/nntpd.c
@@ -4165,7 +4165,9 @@ static struct wildmat *split_wildmats(char *str)
else if (*c == '@') wild[n].not = -1; /* absolute not (feeding) */
else wild[n].not = 0;
- strcpy(p, wild[n].not ? c + 1 : c);
+ strncpy(p, wild[n].not ? c + 1 : c, pattern+sizeof(pattern) - p);
+ pattern[sizeof(pattern)-1] = '\0';
+
wild[n++].pat = xstrdup(pattern);
} while (c != str);
wild[n].pat = NULL;