[exim-dev] [Bug 787] New: memory corruption in string_format…

Author: Eugene Bujak
Date:  
To: exim-dev
Subject: [exim-dev] [Bug 787] New: memory corruption in string_format code

http://bugs.exim.org/show_bug.cgi?id=787
           Summary: memory corruption in string_format code
           Product: Exim
           Version: 4.69
          Platform: All
        OS/Version: All
            Status: NEW
          Keywords: work:tiny
          Severity: bug
          Priority: medium
         Component: General execution
        AssignedTo: nigel@???
        ReportedBy: buyak@???
                CC: exim-dev@???



Created an attachment (id=289)
--> (http://bugs.exim.org/attachment.cgi?id=289)
Proposed patch.

Electric Fence has spotted a problem.

Add this to main():
-----
char *teststring = malloc(3);
char *s = "Date: Fri, 12 Sep 2008 10:54:39 +0400\n";
string_format(teststring, 3, "%c %s", 'a', s);
fprintf (stdout, "%s", teststring);
-----

string_format() will happily overwrite beyond allocated memory.

Patch attached.


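
The bounds contract the report expects, as an added example that is not part of the original message or of Exim's source: a hypothetical `bounded_format` (handling only `%c` and `%s`, and returning false on truncation, both assumptions) checks the remaining space before every write, and `report_case_stays_in_bounds` replays the report's 3-byte call against a canary-filled array.

```c
#include <stdarg.h>
#include <stdbool.h>
#include <string.h>

/* Hypothetical stand-in, not Exim's string_format(). Supports %c and %s only.
   Never writes past buf[size-1]; returns false if the output did not fit. */
static bool bounded_format(char *buf, size_t size, const char *fmt, ...)
{
    if (size == 0) return false;
    char *p = buf;
    char *last = buf + size - 1;          /* slot reserved for the NUL */
    bool ok = true;
    va_list ap;
    va_start(ap, fmt);
    while (ok && *fmt != '\0') {
        if (*fmt != '%') {                /* literal byte needs one free slot */
            if (p >= last) ok = false; else *p++ = *fmt;
            fmt++;
            continue;
        }
        fmt++;                            /* step over '%' */
        if (*fmt == 'c') {
            int c = va_arg(ap, int);
            if (p >= last) ok = false; else *p++ = (char)c;
        } else if (*fmt == 's') {
            const char *s = va_arg(ap, const char *);
            size_t n = strlen(s);         /* whole string must fit, or fail */
            if (n > (size_t)(last - p)) ok = false;
            else { memcpy(p, s, n); p += n; }
        } else {
            ok = false;                   /* unsupported or dangling '%' */
        }
        if (*fmt != '\0') fmt++;
    }
    va_end(ap);
    *p = '\0';                            /* p <= last always holds here */
    return ok;
}

/* Replays the report's call with a 3-byte limit inside a canary-filled array
   (constructed test layout); returns 1 if nothing past byte 2 was modified. */
static int report_case_stays_in_bounds(void)
{
    char arena[16];
    memset(arena, 0x5A, sizeof arena);
    bool fit = bounded_format(arena, 3, "%c %s", 'a', "Date: Fri, 12 Sep 2008 10:54:39 +0400\n");
    for (size_t i = 3; i < sizeof arena; i++)
        if (arena[i] != 0x5A) return 0;   /* canary damaged: overflow */
    return !fit && strcmp(arena, "a ") == 0;
}
```

The same canary check can be pointed at any formatter with a `(buffer, size, format, ...)` signature as a regression test alongside Electric Fence.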