Re: [exim-dev] security improvement proposal : don’t assume…

トップ ページ
このメッセージは次のスレッドの一部です:
M\日付によるスレッドの仕分け
MMJeremy Harris 、 <-
 
このメッセージを削除
このメッセージに返信
著者: Jasen Betts
日付:  
To: exim-dev
題目: Re: [exim-dev] security improvement proposal : don’t assume int is equal to pointer size.
On 2016-04-21, none <ytrezq@???> wrote:
> Hello,
>
> As you know, using signed int instead of size_t for string size handling
> is a common source of potential remote code execution…
> The use of int in strn* functions and elsewhere seems to be the norm for
> exim (with a few exceptions). While I agree most integers in that case
> will never grow up to INT_MAX.

It seems to me that exim refuses to manipulate stings over 32767 bytes long.
that should be enough to make it safe.


--
\_(ツ)_

このメッセージは次のメーリングリストに投稿されました:
Exim-dev
メーリングリスト情報 | となりのメッセージ		<-Re: [exim-dev] security improvement proposal : don’t assume int is equal to pointer size.Re: [exim-dev] security improvement proposal : don’t assume int is equal to pointer size.->
Tahini and Hummus and Cumin Development Archives サイト管理人: cumin AdminsLurker (バージョン 2.3)