[exim-dev] [Bug 662] New: stack corruption in daemon exec co…

Top Page
This message is part of the following thread:
Mthe complete thread tree sorted by date
M 
Tony Finch at ->
Delete this message
Reply to this message
Author: Marcus Meissner
Date:  
To: exim-dev
Subject: [exim-dev] [Bug 662] New: stack corruption in daemon exec code
------- You are receiving this mail because: -------
You are on the CC list for the bug. 

http://bugs.exim.org/show_bug.cgi?id=662
           Summary: stack corruption in daemon exec code
           Product: Exim
           Version: 4.69
          Platform: Other
        OS/Version: All
            Status: NEW
          Severity: security
          Priority: medium
         Component: Eximon
        AssignedTo: nigel@???
        ReportedBy: meissner@???
                CC: exim-dev@???



gcc 4.3 spotted this problem:

daemon.c:1696: warning: array subscript is above array bounds

and yes, uschar *extra[4] should have been [5] instead.

patch attached.

I am unsure of the security consequences, but it is possible to corrupt bits of
the stack in this function. Might also depend on the compiler.

Patch attached.


--
Configure bugmail: http://bugs.exim.org/userprefs.cgi?tab=email

This message was posted to the following mailing lists:
Exim-dev
Mailing List Info | Nearby Messages		<-[exim-dev] Bug 661[exim-dev] [Bug 663] New: $spam_score[_int] mismatch (rounding?)->
Tahini and Hummus and Cumin Development Archives administrated by cumin AdminsLurker (version 2.3)