File: buffer-overflow.patch

proxsmtp 1.10-6
  • area: main
  • in suites: forky, sid
  • size: 1,004 kB
  • sloc: sh: 3,950; ansic: 3,717; makefile: 43
From: Frank Lichtenheld <djpig@debian.org>
Subject: Fix potential buffer overflow identified by compiler

Does not look exploitable to me.
--- proxsmtp-1.10.orig/common/smtppass.c
+++ proxsmtp-1.10/common/smtppass.c
@@ -2035,7 +2035,7 @@ static void vmessage(spctx_t* ctx, int l
         strerror_r(e, buf + len, MAX_MSGLEN - len); */
 
         sp_lock();
-            strncat(buf, strerror(e), MAX_MSGLEN);
+            strncat(buf, strerror(e), MAX_MSGLEN - strlen(buf) - 1);
         sp_unlock();
     }
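
Review bot: the new bound on the `strncat` line, `MAX_MSGLEN - strlen(buf) - 1`, is only safe if `buf` is at least `MAX_MSGLEN` bytes and already holds a NUL-terminated string shorter than `MAX_MSGLEN`, and neither is visible in this hunk. The subtraction is done in `size_t`, so if `strlen(buf)` ever reached `MAX_MSGLEN` the result would wrap to a very large count and the call would be unbounded again. Consider computing the remaining space once, skipping the append when it is zero, and reusing the `len` variable that the commented-out `strerror_r(e, buf + len, MAX_MSGLEN - len)` line above already relies on, so the length is not recomputed with a second `strlen`. It would also help to state in the patch description why the old third argument was wrong: `strncat` takes the maximum number of characters to append, not the total size of the destination.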