smtp: avoid risk of buffer overflow in strtol (39df4073) · Commits · CYBER - Cyber Security / TS 103 523 MSP / TLMSP / TLMSP curl

lib/smtp.c

+6 −2

Original line number	Original line	Diff line number	Diff line
	@@ -5,7 +5,7 @@
	* \| (__\| \|_\| \| _ <\| \|___		* \| (__\| \|_\| \| _ <\| \|___
	* \___\|\___/\|_\| \_\_____\|		* \___\|\___/\|_\| \_\_____\|
	*		*
	* Copyright (C) 1998 - 2018, Daniel Stenberg, <daniel@haxx.se>, et al.		* Copyright (C) 1998 - 2019, Daniel Stenberg, <daniel@haxx.se>, et al.
	*		*
	* This software is licensed as described in the file COPYING, which		* This software is licensed as described in the file COPYING, which
	* you should have received as part of this distribution. The terms		* you should have received as part of this distribution. The terms
	@@ -207,8 +207,12 @@ static bool smtp_endofresp(struct connectdata conn, char line, size_t len,
	Section 4. Examples of RFC-4954 but some e-mail servers ignore this and		Section 4. Examples of RFC-4954 but some e-mail servers ignore this and
	only send the response code instead as per Section 4.2. */		only send the response code instead as per Section 4.2. */
	if(line[3] == ' ' \|\| len == 5) {		if(line[3] == ' ' \|\| len == 5) {
			char tmpline[6];

	result = TRUE;		result = TRUE;
	*resp = curlx_sltosi(strtol(line, NULL, 10));		memset(tmpline, '\0', sizeof(tmpline));
			memcpy(tmpline, line, (len == 5 ? 5 : 3));
			*resp = curlx_sltosi(strtol(tmpline, NULL, 10));

	/* Make sure real server never sends internal value */		/* Make sure real server never sends internal value */
	if(*resp == 1)		if(*resp == 1)