[exim-dev] [Bug 787] New: memory corruption in string_format…

Top Page
This message is part of the following thread:
Mthe complete thread tree sorted by date
M 
Nigel Metheringham at ->
Delete this message
Reply to this message
Author: Eugene Bujak
Date:  
To: exim-dev
Subject: [exim-dev] [Bug 787] New: memory corruption in string_format code
------- You are receiving this mail because: -------
You are on the CC list for the bug. 

http://bugs.exim.org/show_bug.cgi?id=787
           Summary: memory corruption in string_format code
           Product: Exim
           Version: 4.69
          Platform: All
        OS/Version: All
            Status: NEW
          Keywords: work:tiny
          Severity: bug
          Priority: medium
         Component: General execution
        AssignedTo: nigel@???
        ReportedBy: buyak@???
                CC: exim-dev@???



Created an attachment (id=289)
--> (http://bugs.exim.org/attachment.cgi?id=289)
Proposed patch.

Electric Fence has spotted a problem.

add this to main():
-----
char *teststring = malloc(3);
char *s = "Date: Fri, 12 Sep 2008 10:54:39 +0400\n";
string_format(teststring, 3, "%c %s", 'a', s);
fprintf (stdout, "%s", teststring);
-----

string_format() will happily overwrite beyond allocated memory.

Patch attached.


--
Configure bugmail: http://bugs.exim.org/userprefs.cgi?tab=email

This message was posted to the following mailing lists:
Exim-dev
Mailing List Info | Nearby Messages		<-[exim-dev] [Bug 786] tls_verify_hosts not verifying X509 signed from Outlook 2007Re: [exim-dev] [Bug 786] tls_verify_hosts not verifying X509 signed from Outlook 2007->
Tahini and Hummus and Cumin Development Archives administrated by cumin AdminsLurker (version 2.3)