From d0dc72e4e5b6d4bac15fb6e0df490efe88e9bb8d Mon Sep 17 00:00:00 2001 From: Philippe Antoine Date: Thu, 22 Apr 2021 10:28:15 +0200 Subject: [PATCH] smtp: null terminate before calling strtoul by copying in a temporary buffer as is done in ByteExtractString (cherry picked from commit 33fa7ab5969d3fc5ca088c003bd4dbfe76d77b6b) --- src/app-layer-smtp.c | 10 +++++++++- 1 file changed, 9 insertions(+), 1 deletion(-) diff --git a/src/app-layer-smtp.c b/src/app-layer-smtp.c index e1f2ffb0c9..083a8398a0 100644 --- a/src/app-layer-smtp.c +++ b/src/app-layer-smtp.c @@ -1108,7 +1108,15 @@ static int SMTPParseCommandBDAT(SMTPState *state) return -1; } char *endptr = NULL; - state->bdat_chunk_len = strtoul((const char *)state->current_line + i, + // copy in temporary null-terminated buffer to call strtoul + char strbuf[24]; + int len = 23; + if (state->current_line_len - i < len) { + len = state->current_line_len - i; + } + memcpy(strbuf, (const char *)state->current_line + i, len); + strbuf[len] = '\0'; + state->bdat_chunk_len = strtoul((const char *)strbuf, (char **)&endptr, 10); if ((uint8_t *)endptr == state->current_line + i) { /* decoder event */ -- 2.47.2