inn-2.5.3 bug report

David Binderman dcb314 at hotmail.com
Thu Jun 13 11:00:49 UTC 2013


Hello there,

I just ran the static analyser "cppcheck" over the source code of
inn-2.5.3 It said, amongst other things

[imap_connection.c:2386]: (error) Buffer is accessed out of bounds.

Offending source code is

    sprintf(cxn->imap_currentTag,"%06d",cxn->imap_tag_num);

and

    char imap_currentTag[IMAP_TAGLENGTH];

and

#define IMAP_TAGLENGTH 6

sprintf writes a trailing zero byte, so 6 + 1 into 6 won't go. Suggest
code rework.

Regards

David Binderman 		 	   		  


More information about the inn-workers mailing list