[gmime: 15/24] Fix out-of-bounds read in decode_quoted_string()
- From: Jeffrey Stedfast <fejj src gnome org>
- To: commits-list gnome org
- Cc:
- Subject: [gmime: 15/24] Fix out-of-bounds read in decode_quoted_string()
- Date: Sat, 26 Aug 2017 13:21:00 +0000 (UTC)
commit c34f4186fa3491bcfab102cb9f1534614d38f564
Author: Jakub Wilk <jwilk jwilk net>
Date: Mon Jul 31 00:00:15 2017 +0200
Fix out-of-bounds read in decode_quoted_string()
If a malformed header ended right after backslash, the original code
would jump over the terminating null byte.
gmime/gmime-param.c | 5 +++--
1 files changed, 3 insertions(+), 2 deletions(-)
---
diff --git a/gmime/gmime-param.c b/gmime/gmime-param.c
index 8cf4732..29b44eb 100644
--- a/gmime/gmime-param.c
+++ b/gmime/gmime-param.c
@@ -903,7 +903,7 @@ decode_quoted_string (const char **in)
start = inptr++;
while (*inptr && *inptr != '"') {
- if (*inptr++ == '\\') {
+ if (*inptr++ == '\\' && *inptr) {
unescape = TRUE;
inptr++;
}
@@ -925,7 +925,8 @@ decode_quoted_string (const char **in)
while (*inptr) {
if (*inptr == '\\')
inptr++;
- *outptr++ = *inptr++;
+ if (*inptr)
+ *outptr++ = *inptr++;
}
*outptr = '\0';
[
Date Prev][
Date Next] [
Thread Prev][
Thread Next]
[
Thread Index]
[
Date Index]
[
Author Index]