inn-2.5.3 bug report
David Binderman
dcb314 at hotmail.com
Thu Jun 13 11:00:49 UTC 2013
Hello there,
I just ran the static analyser "cppcheck" over the source code of
inn-2.5.3 It said, amongst other things
[imap_connection.c:2386]: (error) Buffer is accessed out of bounds.
Offending source code is
sprintf(cxn->imap_currentTag,"%06d",cxn->imap_tag_num);
and
char imap_currentTag[IMAP_TAGLENGTH];
and
#define IMAP_TAGLENGTH 6
sprintf writes a trailing zero byte, so 6 + 1 into 6 won't go. Suggest
code rework.
Regards
David Binderman
More information about the inn-workers
mailing list