Hello,
please help me understanding src/transports/appendfile.c:780:
int size;
int n = ovector[3] - ovector[2];
Ustrncpy(buffer, name + ovector[2], n);
buffer[n] = 0;
size = Uatoi(buffer);
Why not simply:
int size;
size = Uatoi(name + ovector[2]);
Much to my surprise, Exim does not use strtol(), but atoi(), which means
it never checks for overflows or appended junk. The above example does
in particular not check for the number ending at name+ovector[3].
Michael