lib: Fixed read buffer overflow in wildcard_match*()

Patch by Hanno Böck.

Note that input to wildard_match*() is always coming only from trusted
sources, like config file or doveadm commands.

diff --git a/src/lib/wildcard-match.c b/src/lib/wildcard-match.c
index 8d3a5333109e826a1eeaf24ff6ba2dcb12e9aa38..d6d57f496254c229793792cffab606941a12dd6a 100644 (file)
--- a/src/lib/wildcard-match.c
+++ b/src/lib/wildcard-match.c
@@ -35,10 +35,10 @@ static int wildcard_match_int(const char *data, const char *mask, int icase)
          return ma[0] == '\0' ? MATCH : NOMATCH;
   }
   /* find the end of each string */
-  while (*(++mask));
-  mask--;
-  while (*(++data));
-  data--;
+  while (*(mask++));
+  mask-=2;
+  while (*(data++));
+  data-=2;
 
   while (data >= na) {
     /* If the mask runs out of chars before the string, fall back on