INN commit: branches/2.5 (doc/pod/news.pod innfeed/imap_connection.c)
INN Commit
rra at isc.org
Tue Jun 25 17:27:44 UTC 2013
Date: Tuesday, June 25, 2013 @ 10:27:44
Author: iulius
Revision: 9495
imapfeed: fix buffer overflow
Fixed a buffer overflow when using imapfeed with more than a million
commands during the same IMAP session.
Thanks to David Binderman for having reported the issue.
Modified:
branches/2.5/doc/pod/news.pod
branches/2.5/innfeed/imap_connection.c
---------------------------+
doc/pod/news.pod | 8 +++++++-
innfeed/imap_connection.c | 4 ++--
2 files changed, 9 insertions(+), 3 deletions(-)
Modified: doc/pod/news.pod
===================================================================
--- doc/pod/news.pod 2013-06-25 17:27:13 UTC (rev 9494)
+++ doc/pod/news.pod 2013-06-25 17:27:44 UTC (rev 9495)
@@ -33,7 +33,13 @@
=item *
-Fix a Perl warning in B<inncheck>; using C<defined(@array)> has been
+Fixed a buffer overflow when using B<imapfeed> with more than a million
+commands during the same IMAP session. Thanks to David Binderman for
+the bug report.
+
+=item *
+
+Fixed a Perl warning in B<inncheck>; using C<defined(@array)> has been
deprecated since S<Perl 5.16>.
=item *
Modified: innfeed/imap_connection.c
===================================================================
--- innfeed/imap_connection.c 2013-06-25 17:27:13 UTC (rev 9494)
+++ innfeed/imap_connection.c 2013-06-25 17:27:44 UTC (rev 9495)
@@ -343,7 +343,7 @@
int imap_disconnects;
char *imap_tofree_str;
- char imap_currentTag[IMAP_TAGLENGTH];
+ char imap_currentTag[IMAP_TAGLENGTH+1];
int imap_tag_num;
/* Timer for the max amount of time to wait for a response from the
@@ -2383,7 +2383,7 @@
static void imap_GetTag(connection_t *cxn)
{
- sprintf(cxn->imap_currentTag,"%06d",cxn->imap_tag_num);
+ snprintf(cxn->imap_currentTag, IMAP_TAGLENGTH+1, "%06d", cxn->imap_tag_num);
cxn->imap_tag_num++;
if (cxn->imap_tag_num >= 999999)
{
More information about the inn-committers
mailing list