String overscan issues in ssmtp (potential for memory corruption) #10

@Syed-Shahrukh-OSSRevival

Description

https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=623856

Possible fix

--- a/ssmtp.c
+++ b/ssmtp.c
@@ -260,7 +260,7 @@ char *strip_post_ws(char *str)
 	char *p;
 
 	p = (str + strlen(str));
-	while(isspace(*--p)) {
+	while(p != str && isspace(*--p)) {
 		*p = (char)NULL;
 	}
 
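Review bot: `isspace(*--p)` in the new loop condition still receives a plain `char`, which is undefined behaviour for bytes above 0x7f on platforms where `char` is signed; cast the argument, as in `isspace((unsigned char)*--p)`. The `p != str` guard itself correctly stops the backward scan on an empty or all-whitespace string. As a style point, `(char)NULL` in the loop body converts a pointer constant to a character and draws warnings on some compilers; `'\0'` states the intent directly.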
@@ -299,7 +299,7 @@ char *addr_parse(char *str)
 
 	q = strip_pre_ws(p);
 	if(*q == '(') {
-		while((*q++ != ')'));
+		while(*q && *q++ != ')');
 	}
 	p = strip_pre_ws(q);
 
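Review bot: In `while(*q && *q++ != ')');` an unterminated comment now leaves `q` on the terminating NUL, and the code falls through to `p = strip_pre_ws(q)` with an empty remainder, so a "(" with no matching ")" is accepted silently instead of being reported. Please confirm that `strip_pre_ws` is safe on an empty string, and consider logging or rejecting the unbalanced case. The empty loop body behind a trailing `;` is also easy to misread; a comment or a `;` on its own line would help.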
@@ -309,8 +309,11 @@ char *addr_parse(char *str)
 
 	q = strip_post_ws(p);
 	if(*q == ')') {
-		while((*--q != '('));
 		*q = (char)NULL;
+		while(q != p && *--q != '(');
+		if (*q == '(') {
+			*q = (char)NULL;
+		}
 	}
 	(void)strip_post_ws(p);
 
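Review bot: The retained `*q = (char)NULL;` now runs before the backward scan, so the trailing ")" is erased even when `while(q != p && *--q != '(');` reaches `p` without finding a "(". In that case the comment text stays in the string and only the closing parenthesis is dropped. If that is intended, a short comment should say so; otherwise move the first write inside the `if (*q == '(')` branch so the string is modified only when a matching pair is found. The `q != p` bound and the final `*q == '('` check do correctly cover a "(" sitting at `p` itself.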
