Advanced
Mailing List Archive

Mailing List Archive

  1. Home >
  2. exim>
  3. dev
[Bug 589] buffer overflow in moan_check_errorcopy()
masta at perlgolf
Aug 29, 2007, 3:02 AM
Post #1 of 3 (1048 views)
Permalink
------- You are receiving this mail because: -------
You are on the CC list for the bug.

http://bugs.exim.org/show_bug.cgi?id=589




--- Comment #1 from Nico Erfurth <masta@perlgolf.de> 2007-08-29 11:02:37 ---
Created an attachment (id=208)
--> (http://bugs.exim.org/attachment.cgi?id=208)
Proposed patch, using string_copyn

This patch uses string_copyn instead of a buffer on the stack. The allocated
store will not be freed afterwards.

Does exim enforce any size restrictions on addresses? If not this could eat up
some memory....


--
Configure bugmail: http://bugs.exim.org/userprefs.cgi?tab=email

--
## List details at http://lists.exim.org/mailman/listinfo/exim-dev Exim details at http://www.exim.org/ ##
[Bug 589] buffer overflow in moan_check_errorcopy() [ In reply to ]
masta at perlgolf
Aug 29, 2007, 3:06 AM
Post #2 of 3 (1014 views)
Permalink
------- You are receiving this mail because: -------
You are on the CC list for the bug.

http://bugs.exim.org/show_bug.cgi?id=589

Nico Erfurth <masta@perlgolf.de> changed:

What |Removed |Added
----------------------------------------------------------------------------
Attachment #208|application/octet-stream |text/plain
mime type| |
Attachment #208 is|0 |1
patch| |




--
Configure bugmail: http://bugs.exim.org/userprefs.cgi?tab=email

--
## List details at http://lists.exim.org/mailman/listinfo/exim-dev Exim details at http://www.exim.org/ ##
[Bug 589] buffer overflow in moan_check_errorcopy() [ In reply to ]
ph10 at hermes
Aug 29, 2007, 7:04 AM
Post #3 of 3 (1039 views)
Permalink
------- You are receiving this mail because: -------
You are on the CC list for the bug.

http://bugs.exim.org/show_bug.cgi?id=589

Philip Hazel <ph10@hermes.cam.ac.uk> changed:

What |Removed |Added
----------------------------------------------------------------------------
Status|NEW |RESOLVED
Resolution| |FIXED




--- Comment #2 from Philip Hazel <ph10@hermes.cam.ac.uk> 2007-08-29 15:04:07 ---
Patch committed. Not sure if a length limit is enforced, but this code is only
obeyed when generating a bounce at the end of a delivery process, so it
probably doesn't matter in practice.


--
Configure bugmail: http://bugs.exim.org/userprefs.cgi?tab=email

--
## List details at http://lists.exim.org/mailman/listinfo/exim-dev Exim details at http://www.exim.org/ ##

©2024 GT.net. A Gossamer Threads company.
5th Floor, 455 Granville St., Vancouver, BC V6C 1T1, Canada | Legal