https://bugs.exim.org/show_bug.cgi?id=2617
Jeremy Harris <jgh146exb@???> changed:
What    |Removed         |Added
----------------------------------------------------------------------------
Assignee|unallocated@??? |jgh146exb@???
Status  |NEW             |ASSIGNED
--- Comment #1 from Jeremy Harris <jgh146exb@???> ---
Slightly awkward, since the problem buffer is passed in from the caller, and
it's called in seven places.
0 src/acl.c acl_check_condition 3202 submission_name = string_copy(parse_fix_phrase(p+6, pp-p-6,
1 src/exim.c main 4772 originator_name = string_copy(parse_fix_phrase(originator_name,
2 src/functions.h moan_tell_someone 369 extern const uschar *parse_fix_phrase(const uschar *, int , uschar *, int );
3 src/parse.c parse_fix_phrase 989 parse_fix_phrase(const uschar *phrase, int len, uschar *buffer, int buffer_size)
4 src/parse.c main 2118 printf("%s\n", CS parse_fix_phrase(buffer, Ustrlen(buffer), outbuff,
5 src/rewrite.c rewrite_one 298 pf1 = parse_fix_phrase(new, p1 - new, buff1, sizeof(buff1));
6 src/rewrite.c rewrite_one 300 pf2 = parse_fix_phrase(p2, Ustrlen(p2), buff2, sizeof(buff2));
I'll go through the callers to see if I can discount any of them.
[ We trap an attempted copy of tainted data into untainted-use memory ]