#163 Unsafe use of strcpy in dspam.c

[Thomas Preud'homme]

Hi Stevan,

while trying to determine if commit cbed19764df8ecc1469f739ca33eb92aa3f67584 is overflow safe, I noticed an unsafe use of strcpy in dspam.c, (at line 1701 at commit f6c5008357248cf357b6666c7a6a4618fcf52d89).

If the domain name is longer than the extension, then strcpy is made on overlapping memory which is not guaranteed to work. AFAIK, it should fail with recent glibc since they take advantage of the fact areas should not overlap on strcpy to make more optimizations. Memmove should be used instead.

Best regards,

Thomas