auth: Fixed (non-exploitable) buffer overflow in DIGEST-MD5 data parsing.

Found by Jann Horn.

diff --git a/src/auth/mech-digest-md5.c b/src/auth/mech-digest-md5.c
index d1e00daaef55b91b15c0404208b690ccf29f63b5..bae75ec8269b0c0b9cdd0218b1ba677f13faeee2 100644 (file)
--- a/src/auth/mech-digest-md5.c
+++ b/src/auth/mech-digest-md5.c
@@ -246,7 +246,7 @@ static bool parse_next(char **data, char **key, char **value)
        *value = p+1;
 
        /* skip trailing whitespace in key */
-       while (IS_LWS(p[-1]))
+       while (p > *data && IS_LWS(p[-1]))
                p--;
        *p = '\0';