Bug Tracker item #3605628, was opened at 2013-02-22 01:22
Message generated for change (Tracker Item Submitted) made by robotux
You can respond by visiting: 
https://sourceforge.net/tracker/?func=detail&atid=1126467&aid=3605628&group_id=250683

Please note that this message will contain a full copy of the comment thread,
including the initial issue submission, for this request,
not just the latest update.
Category: None
Group: GIT
Status: Open
Resolution: None
Priority: 5
Private: No
Submitted By: Thomas Preud'homme (robotux)
Assigned to: Nobody/Anonymous (nobody)
Summary: Unsafe use of strcpy in dspam.c

Initial Comment:
Hi Stevan,

while trying to determine if commit cbed19764df8ecc1469f739ca33eb92aa3f67584 is 
overflow safe, I noticed an unsafe use of strcpy in dspam.c (at line 1701 at 
commit f6c5008357248cf357b6666c7a6a4618fcf52d89).

If the domain name is longer than the extension, then strcpy is made on 
overlapping memory which is not guaranteed to work. AFAIK, it should fail with 
recent glibc since they take advantage of the fact areas should not overlap on 
strcpy to make more optimizations. Memmove should be used instead.

Best regards,

Thomas

----------------------------------------------------------------------
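
An added illustration of the fix suggested in the report above (not code from dspam.c or from the reporter): a hypothetical helper, `replace_span`, that replaces part of a string in place and shifts the tail with memmove, which is defined for overlapping regions where strcpy is not. The function name, its signature and the sample string are assumptions made for this example.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical helper, not taken from dspam.c: replace the old_len bytes at
 * buf[off] with repl, in place. Returns 0 on success; returns -1 and leaves
 * buf untouched if the arguments are invalid or the result would not fit. */
int replace_span(char *buf, size_t bufsz, size_t off, size_t old_len,
                 const char *repl)
{
    if (buf == NULL || repl == NULL || bufsz == 0)
        return -1;

    const char *nul = memchr(buf, '\0', bufsz);
    if (nul == NULL)                        /* not terminated inside bufsz */
        return -1;
    size_t cur_len = (size_t)(nul - buf);
    if (off > cur_len || old_len > cur_len - off)
        return -1;

    size_t repl_len = strlen(repl);
    size_t kept = cur_len - old_len;        /* bytes that survive the edit */
    if (repl_len >= bufsz - kept)           /* kept + repl_len + NUL must fit */
        return -1;

    /* The tail moves within the same buffer, so source and destination can
     * overlap. strcpy() and memcpy() are undefined for that; memmove() is
     * not. The +1 carries the terminating NUL along with the tail. */
    size_t tail_len = cur_len - off - old_len;
    memmove(buf + off + repl_len, buf + off + old_len, tail_len + 1);
    memcpy(buf + off, repl, repl_len);      /* repl must not point into buf */
    return 0;
}

int main(void)
{
    /* Constructed sample: the 21-byte tail moves 10 bytes left (overlap). */
    char line[64] = "abc@long.example.org;sig=0123456789abcdef";
    if (replace_span(line, sizeof line, 4, 16, "ex.org") == 0)
        puts(line);
    return 0;
}
```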

_______________________________________________
Dspam-devel mailing list
Dspam-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/dspam-devel