From: Timo Sirainen <tss@iki.fi>
Date: Sun, 24 Nov 2013 18:27:27 +0000 (+0200)
Subject: auth: Fixed (non-exploitable) buffer overflow in DIGEST-MD5 data parsing.
X-Git-Tag: 2.2.9~10
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=2b81994170ed88051b580393b6bb9a7565193ad3;p=thirdparty%2Fdovecot%2Fcore.git

auth: Fixed (non-exploitable) buffer overflow in DIGEST-MD5 data parsing.
Found by Jann Horn.
---

diff --git a/src/auth/mech-digest-md5.c b/src/auth/mech-digest-md5.c
index d1e00daaef..bae75ec826 100644
--- a/src/auth/mech-digest-md5.c
+++ b/src/auth/mech-digest-md5.c
@@ -246,7 +246,7 @@ static bool parse_next(char **data, char **key, char **value)
 	*value = p+1;
 
 	/* skip trailing whitespace in key */
-	while (IS_LWS(p[-1]))
+	while (p > *data && IS_LWS(p[-1]))
 		p--;
 	*p = '\0';