From 351a2600091c1758c07f59e925e0bed534d269fd Mon Sep 17 00:00:00 2001 From: gilles Date: Sat, 19 Apr 2014 17:03:42 +0000 Subject: [PATCH] add a missing strlcpy() check in MAIL FROM's DSN parameters parsing, the truncation would lead to a failure later in the code path but we can fail earlier with a nice enhanced status code --- usr.sbin/smtpd/smtp_session.c | 10 ++++++++-- 1 file changed, 8 insertions(+), 2 deletions(-) diff --git a/usr.sbin/smtpd/smtp_session.c b/usr.sbin/smtpd/smtp_session.c index 83c2eb96f09..0cd70367faa 100644 --- a/usr.sbin/smtpd/smtp_session.c +++ b/usr.sbin/smtpd/smtp_session.c @@ -1,4 +1,4 @@ -/* $OpenBSD: smtp_session.c,v 1.205 2014/04/19 16:56:34 gilles Exp $ */ +/* $OpenBSD: smtp_session.c,v 1.206 2014/04/19 17:03:42 gilles Exp $ */ /* * Copyright (c) 2008 Gilles Chehade @@ -1459,7 +1459,13 @@ smtp_parse_mail_args(struct smtp_session *s, char *args) s->evp.dsn_ret = DSN_RETFULL; } else if (strncasecmp(b, "ENVID=", 6) == 0) { b += 6; - strlcpy(s->evp.dsn_envid, b, sizeof(s->evp.dsn_envid)); + if (strlcpy(s->evp.dsn_envid, b, sizeof(s->evp.dsn_envid)) + >= sizeof(s->evp.dsn_envid)) { + smtp_reply(s, "503 %s %s: option too large, truncated: %s", + esc_code(ESC_STATUS_PERMFAIL, ESC_INVALID_COMMAND_ARGUMENTS), + esc_description(ESC_INVALID_COMMAND_ARGUMENTS), b); + return (-1); + } } else { smtp_reply(s, "503 %s %s: Unsupported option %s", esc_code(ESC_STATUS_PERMFAIL, ESC_INVALID_COMMAND_ARGUMENTS), -- 2.20.1