From: Jan Hadrava Date: Sat, 9 Sep 2023 23:00:27 +0000 (+0200) Subject: Fix rfc2047 decoding buffer overflow X-Git-Tag: v1.12~2 X-Git-Url: http://mj.ucw.cz/gitweb/?a=commitdiff_plain;h=515a643a86d443e28442dc0e41640483b7671f0c;p=checkmail.git Fix rfc2047 decoding buffer overflow If the rfc2047_decode_word() function fails, only the failed word is copied into the output. In the previous version, the rest of the header was copied as well, which resulted in repetition in the output. This repetition, combined with the lack of checking the length of the output buffer, could have led to writing outside the allocated memory. --- diff --git a/charset.c b/charset.c index c80ce9e..d32a414 100644 --- a/charset.c +++ b/charset.c @@ -363,7 +363,12 @@ static void rfc2047_decode (char **pd) } if (rfc2047_decode_word (d, p, dlen) < 0) - strcpy(d, p); + { + n = q - p; + if (n > dlen) + n = dlen; + memcpy (d, p, n); + } found_encoded = 1; s = q; n = strlen (d);
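Review bot: In the new failure branch, `memcpy (d, p, n);` writes no terminating NUL, but the unchanged context line right after it, `n = strlen (d);`, measures the output as a C string. The removed `strcpy(d, p);` always terminated the copy, so unless the destination is zeroed beforehand (these lines do not show that), `strlen` can now run past the n bytes just written. Consider terminating explicitly after the copy, for example `d[n] = 0;`, and clamping n so that byte still fits if `dlen` does not already reserve room for it, or skip the `strlen` on this path and reuse n directly. It is also worth confirming that n and `dlen` share a signedness, since `q - p` is a pointer difference and `if (n > dlen)` only clamps correctly when the comparison is not mixed signed/unsigned.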