From: Aki Tuomi <aki.tuomi@open-xchange.com>
Date: Thu, 20 Aug 2020 06:44:20 +0000 (+0300)
Subject: lib: var-expand - Avoid unsigned overflow in offset calculation
X-Git-Tag: 2.3.13~197
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=43f87295876f2bbdcb120decc76a5c09e34f15c8;p=thirdparty%2Fdovecot%2Fcore.git

lib: var-expand - Avoid unsigned overflow in offset calculation
---

diff --git a/src/lib/var-expand.c b/src/lib/var-expand.c
index 4d785f0680..7ddaec0a63 100644
--- a/src/lib/var-expand.c
+++ b/src/lib/var-expand.c
@@ -599,9 +599,10 @@ int var_expand_with_funcs(string_t *dest, const char *str,
 					/* if offset is < 0 then we want to
 					   start at the end */
 					size_t len = strlen(var);
+					size_t offset_from_end = -ctx.offset;
 
-					if (len > (size_t)-ctx.offset)
-						var += len + ctx.offset;
+					if (len > offset_from_end)
+						var += len - offset_from_end;
 				} else {
 					while (*var != '\0' && ctx.offset > 0) {
 						ctx.offset--;