Re: AW: [Exim] buffer overflow?

Author: Philip Hazel
Date:  
To: Hirling Endre
CC: exim-users
Subject: Re: AW: [Exim] buffer overflow?
On Mon, 18 Jun 2001, Hirling Endre wrote:

> > 3.30 doesn't fix the segfault. There is a static, 256-byte buffer in tree.c
> > that's overwritten in address_prepare, causing the global variable
> > message_id to be corrupted.
>
> The attached small patch fixed this segfault for me. Please look at it and
> send me any comments.
Clearly I had brain fade when I wrote that; I was thinking addresses
were limited to 256, when it is *domains* that are so limited (and Exim
wasn't checking - as was pointed out).

Now that it checks the length of addresses on the command line, an even
smaller patch would be to s/256/512/.

Incidentally, this particular function has been abolished in Exim 4
because I've reorganized the way Exim handles the casing of domain
names. So I'm inclined to go for the trivial s/256/512/ patch.

I think I'd better wait a few days to see what else comes in before
releasing 3.31. :-(

-- 
Philip Hazel            University of Cambridge Computing Service,
ph10@???      Cambridge, England. Phone: +44 1223 334714.
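As an added illustration of the defect the thread describes (a fixed-size working buffer sized for a domain limit but fed whole addresses, with no length check), here is a small stand-alone C sketch. It is not Exim's code: the function name, the DOMAIN_MAX/ADDRESS_MAX constants and the lower-casing behaviour are assumptions modelled on the discussion, showing the buffer sized for the largest input that can reach it and an explicit reject instead of a silent overrun.

```c
#include <ctype.h>
#include <stddef.h>
#include <string.h>

/* Assumed limits modelled on the thread: domains are limited to 256 bytes,
 * full addresses to 512. These are illustrative, not Exim's real constants. */
#define DOMAIN_MAX  256
#define ADDRESS_MAX 512

/* Hypothetical stand-in for the static working buffer in tree.c. It is sized
 * for the largest thing that can reach it (an address), not the smaller
 * domain limit; sizing it at 256 is the s/256/512/ bug from the thread. */
static char prepared[ADDRESS_MAX + 1];

/* Copy an address into the static buffer, lower-casing the domain part.
 * Returns NULL rather than writing past the buffer when either the whole
 * address or its domain exceeds its limit: the check the thread says was
 * missing for command-line addresses. */
const char *prepare_address(const char *addr)
{
    size_t len = strlen(addr);
    if (len > ADDRESS_MAX) return NULL;            /* reject, never truncate silently */

    const char *at = strchr(addr, '@');
    size_t local_len = at ? (size_t)(at - addr) : len;
    if (at && len - local_len - 1 > DOMAIN_MAX) return NULL;   /* domain too long */

    memcpy(prepared, addr, local_len);             /* local part keeps its case */
    for (size_t i = local_len; i < len; i++)
        prepared[i] = (char)tolower((unsigned char)addr[i]);
    prepared[len] = '\0';
    return prepared;
}

/* Demonstration helper: build a constructed address with a local part of
 * local_n 'a's and (if domain_n > 0) a domain of domain_n 'B's, and report
 * 1 if prepare_address rejects it, 0 if it accepts it, -1 if it cannot be built. */
int rejects_parts(size_t local_n, size_t domain_n)
{
    char buf[1024];
    size_t total = local_n + (domain_n ? 1 + domain_n : 0);
    if (total >= sizeof buf) return -1;
    memset(buf, 'a', local_n);
    if (domain_n) {
        buf[local_n] = '@';
        memset(buf + local_n + 1, 'B', domain_n);
    }
    buf[total] = '\0';
    return prepare_address(buf) == NULL;
}
```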