From f01ee2473d0e646c0e612d0add47c37aee10d40b Mon Sep 17 00:00:00 2001
From: Person <localboxcrox@gmail.com>
Date: Sat, 29 Nov 2025 22:08:56 -0500
Subject: [PATCH] Ensure username_size < sizeof username before memcpy Fixes:
 6259a21 ("Add support for AUTH PLAIN")

Signed-off-by: Hans <localboxcrox@gmail.com>
---
 smtp/smtp.c | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/smtp/smtp.c b/smtp/smtp.c
index c9fb6b24..6b3e6f94 100644
--- a/smtp/smtp.c
+++ b/smtp/smtp.c
@@ -549,6 +549,8 @@ static void handle_auth(enum state *state)
 		if(user_end == NULL)
 			REPLY("535 Authentication credentials invalid")
 		username_size = (size_t)(user_end - user_start);
+		if (username_size > sizeof username)
+			REPLY("535 Username too long")
 		memcpy(username, user_start, username_size);
 		if(!validate_and_case_fold_email_address(username_size, username))
 			REPLY("535 Invalid username")