On Fri, 13 Feb 2004, Michael Haardt wrote:
> please help me understand src/transports/appendfile.c:780:
>
> int size;
> int n = ovector[3] - ovector[2];
> Ustrncpy(buffer, name + ovector[2], n);
> buffer[n] = 0;
> size = Uatoi(buffer);
>
> Why not simply:
>
> int size;
> size = Uatoi(name + ovector[2]);
>
> Much to my surprise, Exim does not use strtol(), but atoi(), which means
> it never checks for overflows or appended junk. The above example does
> in particular not check for the number ending at name+ovector[3].

Why not indeed? I cannot remember why I wrote what I did; it looks like
a moment of inattention. (Assuming that I wrote it rather than importing
a patch - I cannot remember.)

As I am working in that area for the maildirsize stuff, I'll improve
that bit of code while I am there. Thanks for the pointer.

--
Philip Hazel University of Cambridge Computing Service,
ph10@??? Cambridge, England. Phone: +44 1223 334714.
Get the Exim 4 book: http://www.uit.co.uk/exim-book
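
Added example, not part of the original messages and not Exim code: one way to read the captured number in place with strtol() while rejecting the two cases raised in the thread, overflow and a digit run that does not end at name + ovector[3]. The helper name parse_captured_size and the sample file name and offsets are assumptions constructed for illustration.

```c
#include <ctype.h>
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>

/* Hypothetical helper (not Exim code): parse the decimal number captured in
   name[ovector[2] .. ovector[3]) without copying it to a scratch buffer.
   Returns 0 and stores the value in *out on success, -1 on any error. */
static int parse_captured_size(const char *name, const int *ovector, long *out)
{
    const char *start = name + ovector[2];
    const char *end = name + ovector[3];
    char *stop;
    long value;

    /* Reject unset or empty captures, and the leading whitespace or sign
       that strtol() would otherwise accept silently. */
    if (ovector[2] < 0 || end <= start || !isdigit((unsigned char)*start))
        return -1;

    errno = 0;
    value = strtol(start, &stop, 10);
    if (errno == ERANGE)   /* overflow: strtol() clamped the result */
        return -1;
    if (stop != end)       /* digit run does not end at name + ovector[3] */
        return -1;

    *out = value;
    return 0;
}

int main(void)
{
    /* Constructed sample name; the offsets mimic what a match of a pattern
       such as ",S=(\d+)" would leave in a PCRE-style ovector. */
    const char *name = "1076666666.H1P2.host,S=12345:2,S";
    int ovector[4] = { 20, 28, 23, 28 };
    long size;

    if (parse_captured_size(name, ovector, &size) == 0)
        printf("size=%ld\n", size);
    else
        printf("rejected\n");
    return 0;
}
```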