[exim-dev] [Bug 2617] Taint mismatch in parse_fix_phrase

Author: admin
Date:  
To: exim-dev
Subject: [exim-dev] [Bug 2617] Taint mismatch in parse_fix_phrase
https://bugs.exim.org/show_bug.cgi?id=2617

Jeremy Harris <jgh146exb@???> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
           Assignee|unallocated@???        |jgh146exb@???
             Status|NEW                         |ASSIGNED


--- Comment #1 from Jeremy Harris <jgh146exb@???> ---
Slightly awkward, since the problem buffer is passed in from the caller, and
it's called in seven places.

0 src/acl.c       acl_check_condition 3202 submission_name = string_copy(parse_fix_phrase(p+6, pp-p-6,
1 src/exim.c      main                4772 originator_name = string_copy(parse_fix_phrase(originator_name,
2 src/functions.h moan_tell_someone    369 extern const uschar *parse_fix_phrase(const uschar *, int , uschar *, int );
3 src/parse.c     parse_fix_phrase     989 parse_fix_phrase(const uschar *phrase, int len, uschar *buffer, int buffer_size)
4 src/parse.c     main                2118 printf("%s\n", CS parse_fix_phrase(buffer, Ustrlen(buffer), outbuff,
5 src/rewrite.c   rewrite_one          298 pf1 = parse_fix_phrase(new, p1 - new, buff1, sizeof(buff1));
6 src/rewrite.c   rewrite_one          300 pf2 = parse_fix_phrase(p2, Ustrlen(p2), buff2, sizeof(buff2));


I'll go through the callers to see if I can discount any of them.

[ We trap an attempted copy of tainted data into untainted-use memory ]

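
The trap mentioned in the comment above, modelled as an added example (not Exim's code and not part of the original message): a copy guard rejects tainted source bytes headed for an untainted buffer, and because the buffer comes from the caller, only the caller can supply a matching one. The two arenas and the names is_tainted_model, checked_copy, fix_phrase_model and call_with_buffer are hypothetical.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Simplified model (assumption): two static arenas stand in for tainted and untainted memory. */
static char tainted_pool[128];    /* data derived from external input */
static char untainted_pool[128];  /* locally built, trusted data */

enum { COPY_OK = 0, TAINT_MISMATCH = -1, TOO_LONG = -2 };

/* A pointer is tainted iff it points into the tainted arena. */
static int is_tainted_model(const void *p)
{
    uintptr_t a = (uintptr_t)p, lo = (uintptr_t)tainted_pool;
    return a >= lo && a < lo + sizeof tainted_pool;
}

/* The trap: tainted bytes may not land in untainted-use memory. */
static int checked_copy(char *dst, size_t dst_size, const char *src, size_t len)
{
    if (is_tainted_model(src) && !is_tainted_model(dst)) return TAINT_MISMATCH;
    if (len >= dst_size) return TOO_LONG;   /* keep room for the terminator */
    memcpy(dst, src, len);
    dst[len] = '\0';
    return COPY_OK;
}

/* Hypothetical callee writing into a caller-supplied buffer: it cannot choose the buffer's taint. */
static int fix_phrase_model(const char *phrase, size_t len, char *buffer, size_t buffer_size)
{
    return checked_copy(buffer, buffer_size, phrase, len);
}

/* One caller, two buffer choices; the phrase is constructed sample input in the tainted arena. */
static int call_with_buffer(int use_tainted_buffer)
{
    static const char sample[] = "Constructed Sender Name";
    char *phrase = tainted_pool;                       /* first half holds the input */
    char *buffer = use_tainted_buffer ? tainted_pool + 64 : untainted_pool;
    memcpy(phrase, sample, sizeof sample);
    return fix_phrase_model(phrase, strlen(phrase), buffer, 64);
}

int main(void)
{
    printf("untainted buffer: %d\n", call_with_buffer(0));  /* taint mismatch */
    printf("tainted buffer:   %d\n", call_with_buffer(1));  /* accepted */
    return 0;
}
```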