From 6d2c02560e5c0aa7cef83d02b26f193135b93e21 Mon Sep 17 00:00:00 2001
From: Jeremy Harris <jgh146exb@wizmail.org>
Date: Mon, 9 May 2022 14:45:53 +0100
Subject: Fix string_copyn() for limit greater than actual string length

Broken-by: a76d120aed
---
 src/src/functions.h | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

(limited to 'src')

diff --git a/src/src/functions.h b/src/src/functions.h
index f8e0cd77e..07df8755b 100644
--- a/src/src/functions.h
+++ b/src/src/functions.h
@@ -788,7 +788,10 @@ static inline uschar *
 string_copyn_taint_trc(const uschar * s, unsigned len,
 	const void * proto_mem, const char * func, int line)
 {
-uschar * ss = store_get_3(len + 1, proto_mem, func, line);
+uschar * ss;
+unsigned slen = Ustrlen(s);
+if (len > slen) len = slen;
+ss = store_get_3(len + 1, proto_mem, func, line);
 memcpy(ss, s, len);
 ss[len] = '\0';
 return ss;
-- 
cgit v1.2.3