[exim-dev] [Bug 2145] Buffer underflow and buffer overflow b…

Top Page
Delete this message
Reply to this message
Author: admin
Date:  
To: exim-dev
Subject: [exim-dev] [Bug 2145] Buffer underflow and buffer overflow by default
https://bugs.exim.org/show_bug.cgi?id=2145

Git Commit <git@???> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |git@???


--- Comment #1 from Git Commit <git@???> ---
Git commit:
https://git.exim.org/exim.git/commitdiff/cd2e3fd052d5c6beceb412f6741b78622c759014

commit cd2e3fd052d5c6beceb412f6741b78622c759014
Author:     Jeremy Harris <jgh146exb@???>
AuthorDate: Sun Jul 9 14:29:31 2017 +0100
Commit:     Jeremy Harris <jgh146exb@???>
CommitDate: Sun Jul 9 14:29:31 2017 +0100


    Avoid creating before-buffer pointer.  Bug 2145


    Found by: ASAN / <ago@???>
---
 src/src/log.c | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)


diff --git a/src/src/log.c b/src/src/log.c
index ddd7137..62ee629 100644
--- a/src/src/log.c
+++ b/src/src/log.c
@@ -391,7 +391,7 @@ it gets statted to see if it has been cycled. With a
datestamp, the datestamp
will be compared. The static slot for saving it is the same size as buffer,
and the text has been checked above to fit, so this use of strcpy() is OK. */

-if (type == lt_main)
+if (type == lt_main && string_datestamp_offset >= 0)
{
Ustrcpy(mainlog_name, buffer);
mainlog_datestamp = mainlog_name + string_datestamp_offset;
@@ -399,7 +399,7 @@ if (type == lt_main)

/* Ditto for the reject log */

-else if (type == lt_reject)
+else if (type == lt_reject && string_datestamp_offset >= 0)
   {
   Ustrcpy(rejectlog_name, buffer);
   rejectlog_datestamp = rejectlog_name + string_datestamp_offset;
@@ -1000,7 +1000,7 @@ if (  flags & LOG_MAIN
     operation. This happens at midnight, at which point we want to roll over
     the file. Closing it has the desired effect. */


-    if (mainlog_datestamp != NULL)
+    if (mainlog_datestamp)
       {
       uschar *nowstamp = tod_stamp(string_datestamp_type);
       if (Ustrncmp (mainlog_datestamp, nowstamp, Ustrlen(nowstamp)) != 0)


--
You are receiving this mail because:
You are on the CC list for the bug.