[Fix] Fix sanity checks on macro value

Issue: #1998 MFH: rspamd-1.6
author: Vsevolod Stakhov <vsevolod@highsecure.ru> 2018-01-25 07:42:50 +0000
committer: Vsevolod Stakhov <vsevolod@highsecure.ru> 2018-01-25 07:42:50 +0000
commit: b0bdf4c0235e4b5690d0971f21c20f96121b0ca3 (patch)
tree: 3eb19e7d39aefe5d8a2d3711733d5c196c881518 /src/libserver/milter.c
parent: f74c2585fdd51f8f759701a48be8a449f889fff7 (diff)
download: rspamd-b0bdf4c0235e4b5690d0971f21c20f96121b0ca3.tar.gz
rspamd-b0bdf4c0235e4b5690d0971f21c20f96121b0ca3.zip
1 files changed, 3 insertions, 3 deletions
diff --git a/src/libserver/milter.c b/src/libserver/milter.c
index 511655e92..6fc4892ee 100644
--- a/src/libserver/milter.c
+++ b/src/libserver/milter.c
@@ -450,7 +450,7 @@ rspamd_milter_process_command (struct rspamd_milter_session *session,
 		while (pos < end) {
 			zero = memchr (pos, '\0', cmdlen);
 
-			if (zero == NULL) {
+			if (zero == NULL || end >= zero) {
 				err = g_error_new (rspamd_milter_quark (), EINVAL, "invalid "
 						"macro command (no name)");
 				rspamd_milter_on_protocol_error (session, priv, err);
@@ -462,9 +462,9 @@ rspamd_milter_process_command (struct rspamd_milter_session *session,
 				rspamd_ftok_t *name_tok, *value_tok;
 				const guchar *zero_val;
 
-				zero_val = memchr (zero + 1, '\0', cmdlen);
+				zero_val = memchr (zero + 1, '\0', cmdlen - (end - zero));
 
-				if (end > zero_val) {
+				if (zero_val != NULL && end > zero_val) {
 					name = rspamd_fstring_new_init (pos, zero - pos);
 					value = rspamd_fstring_new_init (zero + 1,
 							zero_val - zero - 1);
author	Vsevolod Stakhov <vsevolod@highsecure.ru>	2018-01-25 07:42:50 +0000
committer	Vsevolod Stakhov <vsevolod@highsecure.ru>	2018-01-25 07:42:50 +0000
commit	b0bdf4c0235e4b5690d0971f21c20f96121b0ca3 (patch)
tree	3eb19e7d39aefe5d8a2d3711733d5c196c881518 /src/libserver/milter.c
parent	f74c2585fdd51f8f759701a48be8a449f889fff7 (diff)
download	rspamd-b0bdf4c0235e4b5690d0971f21c20f96121b0ca3.tar.gz rspamd-b0bdf4c0235e4b5690d0971f21c20f96121b0ca3.zip