use of strlcpy on overlapping source and destination

Julien ÉLIE julien at trigofacile.com
Mon Feb 17 13:29:49 UTC 2014


Hi Florian,

> a little while back we had an issue where a user was denied posting with
> "address not in Internet syntax" while using a From address of the form
> a at test1.de. Debugging revealed that nnrpd copies a buffer into itself to
> look at the part behind the "@", and for very specific inputs on an old
> version of nnrpd that still uses strcpy (and our particular libc), the
> result did not contain the dot separating the top-level domain any more.

This version of nnrpd using strcpy is indeed a bit old (2.3 or even more 
ancient).


> I'm unable to provide a working test case on current versions of nnrpd,
> but the From address check still copies overlapping parts of a buffer
> using strlcpy (and in INN's replacement implementation, memcpy), which
> can lead to undefined results. Fortunately the fix is easy, as making a
> copy is actually unnecessary (frombuf is not used later on):

It is something that needs fixing.
Thanks for your patch.  I have just committed it.  It will be shipped 
with INN 2.5.4.

-- 
Julien ÉLIE

« What shall I serve you to wash down the boiled boar? Hot
   water, lukewarm beer or iced red wine? »
   (Astérix)
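The fix discussed in this thread, as an added example that is not part of the original message and is not INN's code: the part after the "@" is inspected in place through a pointer, so no copy is made, and `memmove` is used where the bytes really must move within the same buffer. The function names and the sample addresses are assumptions made for illustration.

```c
#include <stdbool.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical helper (not INN code): report whether the part after the
 * first '@' contains a dot. The buffer is only read through a pointer, so
 * nothing is copied and no overlapping copy can occur. */
static bool domain_has_dot(const char *from)
{
    const char *at = strchr(from, '@');

    if (at == NULL || at[1] == '\0')
        return false;
    return strchr(at + 1, '.') != NULL;
}

/* Hypothetical helper for the case where the domain must end up at the
 * start of the same buffer. The pattern to avoid is
 *     strlcpy(buf, at + 1, size);
 * because source and destination overlap, which is undefined for strcpy,
 * strlcpy and memcpy. memmove is defined for overlapping regions. */
static bool shift_domain_to_front(char *buf)
{
    char *at = strchr(buf, '@');

    if (at == NULL)
        return false;
    memmove(buf, at + 1, strlen(at + 1) + 1); /* +1 copies the NUL too */
    return true;
}

int main(void)
{
    /* Constructed sample input modelled on the address in the report. */
    char buf[32] = "a@test1.de";

    printf("has dot: %d\n", domain_has_dot(buf));
    if (shift_domain_to_front(buf))
        printf("domain: %s\n", buf);
    return 0;
}
```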

