Greetings everybody,

It was suggested that I incorporate commit [1] in the Debian dspam package. 
However, I was rightfully asked whether this is overflow-safe since strcpy is 
used. I suppose one of the _getline functions is used to ensure CTX->username 
always ends with a '\0' and contains at most 1024 bytes, but what about size of 
ATX->recipient >= strlen(CTX->username) + 1?

[1] http://dspam.git.sourceforge.net/git/gitweb.cgi?p=dspam/dspam;a=commit;h=cbed19764df8ecc1469f739ca33eb92aa3f67584

Best regards,

Thomas Preud'homme

_______________________________________________
Dspam-devel mailing list
Dspam-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/dspam-devel
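
The condition asked about in the message above (destination size >= strlen(source) + 1), written as an explicit check before the copy. This is an added example, not code from dspam or from the referenced commit; the struct names and field sizes (mock_ctx, mock_atx, 1024 and 256 bytes) and the helper names are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical stand-ins for the two structures named in the message.
 * Field sizes are assumptions for illustration, not dspam's real layout. */
struct mock_ctx { char username[1024]; };
struct mock_atx { char recipient[256]; };

/* Copy src into dst only if the string and its terminating '\0' fit.
 * Returns 0 on success, -1 if src has no terminator within src_cap or is
 * too long for dst; on failure dst is set to the empty string. */
static int checked_copy(char *dst, size_t dst_cap,
                        const char *src, size_t src_cap)
{
    if (dst == NULL || dst_cap == 0 || src == NULL)
        return -1;

    /* memchr bounds the scan, so a missing terminator cannot run past src. */
    const char *nul = memchr(src, '\0', src_cap);
    if (nul == NULL || (size_t)(nul - src) + 1 > dst_cap) {
        dst[0] = '\0';
        return -1;
    }
    memcpy(dst, src, (size_t)(nul - src) + 1);   /* includes the terminator */
    return 0;
}

/* The check asked about: sizeof(recipient) >= strlen(username) + 1. */
static int set_recipient(struct mock_atx *atx, const struct mock_ctx *ctx)
{
    return checked_copy(atx->recipient, sizeof atx->recipient,
                        ctx->username, sizeof ctx->username);
}

int main(void)
{
    struct mock_ctx ctx;
    struct mock_atx atx;

    /* Constructed input: a short name that fits. */
    snprintf(ctx.username, sizeof ctx.username, "%s", "user@example.org");
    printf("short name: %d\n", set_recipient(&atx, &ctx));

    /* Constructed input: 300 characters, longer than the mock recipient. */
    memset(ctx.username, 'a', 300);
    ctx.username[300] = '\0';
    printf("long name:  %d\n", set_recipient(&atx, &ctx));
    return 0;
}
```

With a plain strcpy the second call would write past the end of the mock recipient buffer; here it is rejected and the destination is left empty.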
