Hanno Böck writes:


I tested courier and courier-authlib compiled with address sanitizer.
This uncovered an out of bounds memory access in the file
authgetconfig.c in courier-authlib:

                if (memcmp(p, env, l) == 0 &&

The problem here is that p might actually be shorter than l and thus
this reads invalid memory.

One possible fix (and probably the easiest) is to use strncmp instead.
See attached patch.

This looks ok, thanks for finding this.

Attachment: pgpVv0ipzwA8i.pgp
Description: PGP signature

courier-users mailing list
Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users

Reply via email to