smtp: null terminate before calling strtoul

author Philippe Antoine <contact@catenacyber.fr>

Thu, 22 Apr 2021 08:28:15 +0000 (10:28 +0200)

committer Victor Julien <victor@inliniac.net>

Fri, 25 Jun 2021 15:11:52 +0000 (17:11 +0200)
author Philippe Antoine <contact@catenacyber.fr>
Thu, 22 Apr 2021 08:28:15 +0000 (10:28 +0200)
committer Victor Julien <victor@inliniac.net>
Fri, 25 Jun 2021 15:11:52 +0000 (17:11 +0200)
diff --git a/src/app-layer-smtp.c b/src/app-layer-smtp.c

index e1f2ffb0c98104c7eb2c055340e169630b942ab6..083a8398a0a966b806624fc105bf72f860f37a50 100644 (file)
--- a/src/app-layer-smtp.c
+++ b/src/app-layer-smtp.c
@@ -1108,7 +1108,15 @@ static int SMTPParseCommandBDAT(SMTPState *state)
          return -1;
      }
      char *endptr = NULL;
-    state->bdat_chunk_len = strtoul((const char *)state->current_line + i,
+    // copy in temporary null-terminated buffer to call strtoul
+    char strbuf[24];
+    int len = 23;
+    if (state->current_line_len - i < len) {
+        len = state->current_line_len - i;
+    }
+    memcpy(strbuf, (const char *)state->current_line + i, len);
+    strbuf[len] = '\0';
+    state->bdat_chunk_len = strtoul((const char *)strbuf,
                                      (char **)&endptr, 10);
      if ((uint8_t *)endptr == state->current_line + i) {
          /* decoder event */
author	Philippe Antoine <contact@catenacyber.fr>
	Thu, 22 Apr 2021 08:28:15 +0000 (10:28 +0200)
committer	Victor Julien <victor@inliniac.net>
	Fri, 25 Jun 2021 15:11:52 +0000 (17:11 +0200)