From: Timo Sirainen <tss@iki.fi>
Date: Mon, 29 Jun 2015 10:06:03 +0000 (+0300)
Subject: lib: Fixed read buffer overflow in wildcard_match*()
X-Git-Tag: 2.2.19.rc1~303
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=55e8c2dec7a38c71a6f38a8057846706c5743644;p=thirdparty%2Fdovecot%2Fcore.git

lib: Fixed read buffer overflow in wildcard_match*()
Patch by Hanno Böck.

Note that input to wildard_match*() is always coming only from trusted
sources, like config file or doveadm commands.
---

diff --git a/src/lib/wildcard-match.c b/src/lib/wildcard-match.c
index 8d3a533310..d6d57f4962 100644
--- a/src/lib/wildcard-match.c
+++ b/src/lib/wildcard-match.c
@@ -35,10 +35,10 @@ static int wildcard_match_int(const char *data, const char *mask, int icase)
 	  return ma[0] == '\0' ? MATCH : NOMATCH;
   }
   /* find the end of each string */
-  while (*(++mask));
-  mask--;
-  while (*(++data));
-  data--;
+  while (*(mask++));
+  mask-=2;
+  while (*(data++));
+  data-=2;
 
   while (data >= na) {
     /* If the mask runs out of chars before the string, fall back on