RE: [Exim] Another small patch, please comment

Author: SpamTalk
Date:  
To: exim-users
Subject: RE: [Exim] Another small patch, please comment
Michael,

I have not done any digging at all in Exim source, however I do have a great
number of years coding in C and many other languages. If the formal
declaration of the function declares that it will copy n bytes FROM THE
SOURCE STRING then what you proposed would be correct. However, that
functionality is not what a programmer unfamiliar with subtle nuances of
Exim functions would expect from the function name. One of the other posters
is correct: it is a "str" and not a "mem" function. The better proposal would be
to define (and highlight in the documentation) a "memcat" function that
would work as you describe and would copy beyond the nul. Chances are we
would not see an exception as the source string/array would be in the middle
of the constant pool or the stack and the copy would not go out of bounds of the
segment. But I would not recommend unexpected/undocumented behaviors of
stepping past the nul of a string in a "str" function as a coding practice
for such a widely accepted open source project as Exim.

Best Regards,
Bob

Robert J. Strickler
Sr. Consultant
Net56
1266 W. Northwest Hwy.
Suite 740
Palatine, IL 60067


-----Original Message-----
From: michael@??? [mailto:michael@freenet-ag.de]
Sent: Thursday, April 03, 2003 10:00 AM
To: exim-users@???
Subject: RE: [Exim] Another small patch, please comment


> The memcpy is a memory exception waiting to happen. It would copy
> random bytes off the stack beyond the end of the string. You need to
> do the string copy of the source string and then fill the unused
> bytes.


That would only happen if a too long string length was passed to string_cat.
As it is, the function appears to be used only to copy part of a string,
where memcpy does not make a difference, or in some cases the full string
including a terminating NUL. I did not see a call where a greater length
than the string size is passed to the function. That would probably be a bug
anyway and asking for trouble in case the source string is not NUL
terminated. But Exim may try that for good reasons and I just didn't see
it, hence my request for comments.

Michael

--

## List details at http://www.exim.org/mailman/listinfo/exim-users Exim
details at http://www.exim.org/ ##
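
The distinction debated in this thread, as an added example that is not part of the original messages and is not Exim code: a length-bounded append with "mem" semantics next to one with "str" semantics, called with a count larger than the source string. The names `cat_mem_n` and `cat_str_n` are hypothetical, and the source buffer is constructed with extra bytes after the NUL so that the oversized read stays inside the array.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical helpers (not Exim's string_cat). Each appends up to n bytes
 * of src to dst (capacity cap, current length *len) and NUL-terminates.
 * Returns 0 on success, -1 if dst has no room. */

/* "mem" semantics: copies exactly n bytes and ignores any NUL in src.
 * The caller must guarantee that src really has n readable bytes. */
static int cat_mem_n(char *dst, size_t cap, size_t *len,
                     const char *src, size_t n)
{
    if (*len >= cap || n > cap - *len - 1)
        return -1;
    memcpy(dst + *len, src, n);
    *len += n;
    dst[*len] = '\0';
    return 0;
}

/* "str" semantics: n is an upper bound; copying stops at the first NUL,
 * so an oversized n never reads past the end of the source string. */
static int cat_str_n(char *dst, size_t cap, size_t *len,
                     const char *src, size_t n)
{
    size_t k = 0;
    while (k < n && src[k] != '\0')
        k++;
    return cat_mem_n(dst, cap, len, src, k);
}

int main(void)
{
    /* Constructed input: "ab", a NUL, then bytes that are not part of the
     * string. The array is 8 bytes, so reading 6 of them is in bounds. */
    const char src[8] = "ab\0XYZ";
    char a[16], b[16];
    size_t la = 0, lb = 0;

    cat_mem_n(a, sizeof a, &la, src, 6);   /* n is larger than strlen(src) */
    cat_str_n(b, sizeof b, &lb, src, 6);
    printf("mem: len=%zu, bytes after NUL copied: %.3s\n", la, a + 3);
    printf("str: len=%zu, result: %s\n", lb, b);
    return 0;
}
```

With the "mem" variant the destination ends up holding whatever followed the NUL in the source; with a real string that is adjacent memory, which is the out-of-bounds read and data exposure the thread is arguing about.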