From b0bdf4c0235e4b5690d0971f21c20f96121b0ca3 Mon Sep 17 00:00:00 2001
From: Vsevolod Stakhov <vsevolod@highsecure.ru>
Date: Thu, 25 Jan 2018 07:42:50 +0000
Subject: [PATCH] [Fix] Fix sanity checks on macro value

Issue: #1998
MFH: rspamd-1.6
---
 src/libserver/milter.c | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/src/libserver/milter.c b/src/libserver/milter.c
index 511655e92..6fc4892ee 100644
--- a/src/libserver/milter.c
+++ b/src/libserver/milter.c
@@ -450,7 +450,7 @@ rspamd_milter_process_command (struct rspamd_milter_session *session,
 		while (pos < end) {
 			zero = memchr (pos, '\0', cmdlen);
 
-			if (zero == NULL) {
+			if (zero == NULL || end >= zero) {
 				err = g_error_new (rspamd_milter_quark (), EINVAL, "invalid "
 						"macro command (no name)");
 				rspamd_milter_on_protocol_error (session, priv, err);
@@ -462,9 +462,9 @@ rspamd_milter_process_command (struct rspamd_milter_session *session,
 				rspamd_ftok_t *name_tok, *value_tok;
 				const guchar *zero_val;
 
-				zero_val = memchr (zero + 1, '\0', cmdlen);
+				zero_val = memchr (zero + 1, '\0', cmdlen - (end - zero));
 
-				if (end > zero_val) {
+				if (zero_val != NULL && end > zero_val) {
 					name = rspamd_fstring_new_init (pos, zero - pos);
 					value = rspamd_fstring_new_init (zero + 1,
 							zero_val - zero - 1);
-- 
2.39.5