[exim-dev] security improvement proposal : don’t assume int …

Página superior
Eliminar este mensaje
Responder a este mensaje
Autor: none
Fecha:  
A: exim-dev
Asunto: [exim-dev] security improvement proposal : don’t assume int is equal to pointer size.
Hello,

As you know, using signed int instead of size_t for string size handling
is a common source of potential remote code execution…
The use of int in strn* functions and elsewhere seems to be the norm for
exim (with a few exceptions). While I agree most integers in that case
will never grow up to INT_MAX.

Why not doing the safest by default ? I mean using size_t for essential
string.c functions and the integers representing sizes that use them ?
Of course I can create a patch for such change myself.