FR-AD-001 - (v2) use strncmp() instead of memcmp() for bounded data

diff --git a/src/main/conffile.c b/src/main/conffile.c
index 002cfbc..af42baa 100644 (file)
--- a/src/main/conffile.c
+++ b/src/main/conffile.c
@@ -811,7 +811,7 @@ static const char *cf_expand_variables(const char *cf, int *lineno,
                        p += strlen(p);
                        ptr = end + 1;
 
-               } else if (memcmp(ptr, "$ENV{", 5) == 0) {
+               } else if (strncmp(ptr, "$ENV{", 5) == 0) {
                        char *env;
 
                        ptr += 5;