Correct address parsing bug that is believed to be remotely exploitable.

Submitted by: Michal Zalewski <lcamtuf@dione.ids.pl>
author: nectar <nectar@FreeBSD.org> 2003-09-17 15:10:36 +0000
committer: nectar <nectar@FreeBSD.org> 2003-09-17 15:10:36 +0000
commit: ac5ff30ae19ff6f7473f23c0d36d94301124b150 (patch)
tree: 744c5b0875a46b49b26ea91524f8ff2e06b5d440 /contrib/sendmail/src
parent: 3c5a1e863a66866807948f160122c79d2dd388f5 (diff)
download: FreeBSD-src-ac5ff30ae19ff6f7473f23c0d36d94301124b150.zip
FreeBSD-src-ac5ff30ae19ff6f7473f23c0d36d94301124b150.tar.gz
1 files changed, 4 insertions, 0 deletions
diff --git a/contrib/sendmail/src/parseaddr.c b/contrib/sendmail/src/parseaddr.c
index 6acc86d..8128171 100644
--- a/contrib/sendmail/src/parseaddr.c
+++ b/contrib/sendmail/src/parseaddr.c
@@ -700,7 +700,11 @@ prescan(addr, delim, pvpbuf, pvpbsize, delimptr, toktab)
 						addr[MAXNAME] = '\0';
 	returnnull:
 					if (delimptr != NULL)
+					{
+						if (p > addr)
+							p--;
 						*delimptr = p;
+					}
 					CurEnv->e_to = saveto;
 					return NULL;
 				}
author	nectar <nectar@FreeBSD.org>	2003-09-17 15:10:36 +0000
committer	nectar <nectar@FreeBSD.org>	2003-09-17 15:10:36 +0000
commit	ac5ff30ae19ff6f7473f23c0d36d94301124b150 (patch)
tree	744c5b0875a46b49b26ea91524f8ff2e06b5d440 /contrib/sendmail/src
parent	3c5a1e863a66866807948f160122c79d2dd388f5 (diff)
download	FreeBSD-src-ac5ff30ae19ff6f7473f23c0d36d94301124b150.zip FreeBSD-src-ac5ff30ae19ff6f7473f23c0d36d94301124b150.tar.gz