From 2efc09a20e6503d99fe3d76fcc16b1892fb7c7ff Mon Sep 17 00:00:00 2001
From: emanuele-f <faranda@ntop.org>
Date: Wed, 12 Feb 2020 19:36:47 +0100
Subject: Fix invalid memory read

---
 src/lib/protocols/mail_smtp.c | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

(limited to 'src')

diff --git a/src/lib/protocols/mail_smtp.c b/src/lib/protocols/mail_smtp.c
index f839598d6..045601f78 100644
--- a/src/lib/protocols/mail_smtp.c
+++ b/src/lib/protocols/mail_smtp.c
@@ -153,8 +153,10 @@ void ndpi_search_mail_smtp_tcp(struct ndpi_detection_module_struct *ndpi_struct,
 		out = ndpi_base64_decode((const u_char*)buf, (size_t)strlen((const char*)buf), &out_len);
 
 		if(out) {
-		  snprintf(flow->protos.ftp_imap_pop_smtp.username,
-			   sizeof(flow->protos.ftp_imap_pop_smtp.username), "%s", out);
+		  size_t len = ndpi_min(out_len, sizeof(flow->protos.ftp_imap_pop_smtp.username) - 1);
+
+		  memcpy(flow->protos.ftp_imap_pop_smtp.username, out, len);
+		  flow->protos.ftp_imap_pop_smtp.username[len] = '\0';
 		  
 		  ndpi_free(out);
 		}
-- 
cgit v1.2.3