From: Vsevolod Stakhov <vsevolod@highsecure.ru>
Date: Thu, 25 Jan 2018 07:42:50 +0000 (+0000)
Subject: [Fix] Fix sanity checks on macro value
X-Git-Tag: 1.6.6~2^2~3
X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=050609ad39ba4c85217e22db06be81c07cea0da6;p=thirdparty%2Frspamd.git

[Fix] Fix sanity checks on macro value

Issue: #1998
MFH: rspamd-1.6
---

diff --git a/src/libserver/milter.c b/src/libserver/milter.c
index 3081947b9e..ad95f63b22 100644
--- a/src/libserver/milter.c
+++ b/src/libserver/milter.c
@@ -447,7 +447,7 @@ rspamd_milter_process_command (struct rspamd_milter_session *session,
 		while (pos < end) {
 			zero = memchr (pos, '\0', cmdlen);
 
-			if (zero == NULL) {
+			if (zero == NULL || end >= zero) {
 				err = g_error_new (rspamd_milter_quark (), EINVAL, "invalid "
 						"macro command (no name)");
 				rspamd_milter_on_protocol_error (session, priv, err);
@@ -459,9 +459,9 @@ rspamd_milter_process_command (struct rspamd_milter_session *session,
 				rspamd_ftok_t *name_tok, *value_tok;
 				const guchar *zero_val;
 
-				zero_val = memchr (zero + 1, '\0', cmdlen);
+				zero_val = memchr (zero + 1, '\0', cmdlen - (end - zero));
 
-				if (end > zero_val) {
+				if (zero_val != NULL && end > zero_val) {
 					name = rspamd_fstring_new_init (pos, zero - pos);
 					value = rspamd_fstring_new_init (zero + 1,
 							zero_val - zero - 1);