Fix possible buffer overflow (CVE 2010-5109)

Patch by Petr Písař <ppisar@redhat.com>
RedHat bug: https://bugzilla.redhat.com/show_bug.cgi?id=831322
Debian bug: https://bugs.debian.org/771360

diff --git a/src/plugins/tnef_parse/ytnef.c b/src/plugins/tnef_parse/ytnef.c
index a2e7ed3944dcd6c21ceabc7faa6701118f343dd4..9184836073e8867dbd672fc9c2e8f088f674065d 100644 (file)
--- a/src/plugins/tnef_parse/ytnef.c
+++ b/src/plugins/tnef_parse/ytnef.c
@@ -1352,7 +1352,7 @@ unsigned char *DecompressRTF(variableLength *p, int *size) {
 
     comp_Prebuf.size = strlen(RTF_PREBUF);
     comp_Prebuf.data = calloc(comp_Prebuf.size + 1, 1);
-    strcpy(comp_Prebuf.data, RTF_PREBUF);
+    memcpy(comp_Prebuf.data, RTF_PREBUF, comp_Prebuf.size);
 
     src = p->data;
     in = 0;