SECURITY: Avoid integer overflow on too many recipients

[user/henk/code/exim.git] / src / src / parse.c

diff --git a/src/src/parse.c b/src/src/parse.c
index 885a01c0d78b4d427eef77193a26e4b7f1a48fb6..8d689e88adc349b59cafd110813d64779fc562fa 100644 (file)
--- a/src/src/parse.c
+++ b/src/src/parse.c
@@ -808,11 +808,11 @@ while (isspace(endptr[-1])) endptr--;
 *end = endptr - US mailbox;
 
 /* Although this code has no limitation on the length of address extracted,
-other parts of Exim may have limits, and in any case, RFC 2821 limits local
-parts to 64 and domains to 255, so we do a check here, giving an error if the
-address is ridiculously long. */
+other parts of Exim may have limits, and in any case, RFC 5321 limits email
+addresses to 256, so we do a check here, giving an error if the address is
+ridiculously long. */
 
-if (*end - *start > ADDRESS_MAXLENGTH)
+if (*end - *start > EXIM_EMAILADDR_MAX)
   {
   *errorptr = string_sprintf("address is ridiculously long: %.64s...", yield);
   return NULL;
@@ -984,6 +984,11 @@ if (i < len)
 
 /* No non-printers; use the RFC 822 quoting rules */
 
+if (!len)
+  {
+  return string_copy_taint_function("", is_tainted(phrase));
+  }
+
 buffer = store_get(len*4, is_tainted(phrase));
 
 s = phrase;
@@ -1129,9 +1134,17 @@ while (s < end)
             {
             if (ss >= end) ss--;
             *t++ = '(';
-            Ustrncpy(t, s, ss-s);
-            t += ss-s;
-            s = ss;
+            if (ss < s)
+              {
+              /* Someone has ended the string with "<punct>(". */
+              ss = s;
+              }
+            else
+              {
+              Ustrncpy(t, s, ss-s);
+              t += ss-s;
+              s = ss;
+              }
             }
           }