use of strlcpy on overlapping source and destination
Julien ÉLIE
julien at trigofacile.com
Mon Feb 17 13:29:49 UTC 2014
Hi Florian,
> a little while back we had an issue where a user was denied posting with
> "address not in Internet syntax" while using a From address of the form
> a at test1.de. Debugging revealed that nnrpd copies a buffer into itself to
> look at the part behind the "@", and for very specific inputs on an old
> version of nnrpd that still uses strcpy (and our particular libc), the
> result did not contain the dot separating the top-level domain any more.
This version of nnrpd using strcpy is indeed a bit old (2.3 or even more
ancient).
> I'm unable to provide a working test case on current versions of nnrpd,
> but the From address check still copies overlapping parts of a buffer
> using strlcpy (and in INN's replacement implementation, memcpy), which
> can lead to undefined results. Fortunately the fix is easy, as making a
> copy is actually unnecessary (frombuf is not used later on):
It is something that needs fixing.
Thanks for your patch. I have just committed it. It will be shipped
with INN 2.5.4.
--
Julien ÉLIE
« Qu'est-ce que je vous sers pour arroser le sanglier bouilli ? De
l'eau chaude, de la cervoise tiède ou du vin rouge glacé ? »
(Astérix)
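
Added example, not part of the original message and not INN's code: a sketch of the two safe alternatives to copying a buffer into itself with strcpy/strlcpy/memcpy, whose behaviour is undefined when source and destination overlap. The function names and the simplified "domain contains a dot" rule are assumptions made for illustration.

```c
#include <stddef.h>
#include <string.h>

/* Hypothetical helper: point at the part behind the last '@' in place.
 * Nothing is copied, so no overlapping copy can occur. */
static const char *domain_of(const char *addr)
{
    const char *at = strrchr(addr, '@');

    return (at != NULL && at[1] != '\0') ? at + 1 : NULL;
}

/* Simplified check (an assumption, not INN's real syntax rules):
 * the domain must contain a dot that is neither its first nor its
 * last character.  Returns 1 if so, 0 otherwise. */
int domain_has_tld(const char *addr)
{
    const char *dom = domain_of(addr);
    const char *dot;

    if (dom == NULL)
        return 0;
    dot = strrchr(dom, '.');
    return dot != NULL && dot != dom && dot[1] != '\0';
}

/* If the buffer really has to be shifted so that it starts at the
 * domain, memmove is the call that is defined for overlapping regions.
 * Returns the length of the resulting string. */
size_t strip_local_part(char *buf)
{
    char *at = strrchr(buf, '@');
    size_t len;

    if (at == NULL)
        return strlen(buf);
    len = strlen(at + 1);
    memmove(buf, at + 1, len + 1);   /* +1 also moves the terminating NUL */
    return len;
}
```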