smtp: null terminate before calling strtoul

author Philippe Antoine <contact@catenacyber.fr>

Thu, 22 Apr 2021 08:28:15 +0000 (10:28 +0200)

committer Victor Julien <victor@inliniac.net>

Tue, 15 Jun 2021 09:29:07 +0000 (11:29 +0200)
author Philippe Antoine <contact@catenacyber.fr>
Thu, 22 Apr 2021 08:28:15 +0000 (10:28 +0200)
committer Victor Julien <victor@inliniac.net>
Tue, 15 Jun 2021 09:29:07 +0000 (11:29 +0200)
diff --git a/src/app-layer-smtp.c b/src/app-layer-smtp.c

index 6b23b4b487775bf8d5cb64fb6e5e2066e5351246..ad617c950c95240fca1cca6374885ea6e17c4c13 100644 (file)
--- a/src/app-layer-smtp.c
+++ b/src/app-layer-smtp.c
@@ -1108,7 +1108,15 @@ static int SMTPParseCommandBDAT(SMTPState *state)
          return -1;
      }
      char *endptr = NULL;
-    state->bdat_chunk_len = strtoul((const char *)state->current_line + i,
+    // copy in temporary null-terminated buffer to call strtoul
+    char strbuf[24];
+    int len = 23;
+    if (state->current_line_len - i < len) {
+        len = state->current_line_len - i;
+    }
+    memcpy(strbuf, (const char *)state->current_line + i, len);
+    strbuf[len] = '\0';
+    state->bdat_chunk_len = strtoul((const char *)strbuf,
                                      (char **)&endptr, 10);
      if ((uint8_t *)endptr == state->current_line + i) {
          /* decoder event */
author	Philippe Antoine <contact@catenacyber.fr>
	Thu, 22 Apr 2021 08:28:15 +0000 (10:28 +0200)
committer	Victor Julien <victor@inliniac.net>
	Tue, 15 Jun 2021 09:29:07 +0000 (11:29 +0200)