Hello,

As you know, using signed int instead of size_t for string size handling is a common source of potential remote code execution… The use of int in strn* functions and elsewhere seems to be the norm for Exim (with a few exceptions).

While I agree most integers in that case will never grow up to INT_MAX, why not do the safest thing by default? I mean using size_t for the essential string.c functions and the integers representing sizes that use them.
Of course I can create a patch for such change myself.

--
## List details at https://lists.exim.org/mailman/listinfo/exim-dev Exim details at http://www.exim.org/ ##
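
The concern raised in the message above, as an added example that is not part of the original post and is not Exim code: a length check on a signed int accepts a negative value, which becomes a huge size_t once it reaches a copy routine, while the size_t version rejects it. All function names and `BUF_CAP` are hypothetical.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define BUF_CAP 64              /* constructed buffer size for this example */

/* Hypothetical length check with a signed int length. */
static int accepts_int_len(int len)
{
    if (len > BUF_CAP)          /* signed comparison: -1 > 64 is false */
        return 0;
    return 1;                   /* caller would go on to memcpy(dst, src, len) */
}

/* The value a size_t parameter (as in memcpy) receives from that int. */
static size_t as_copy_size(int len)
{
    return (size_t)len;         /* -1 converts to SIZE_MAX */
}

/* The same check with size_t: a length can no longer be negative. */
static int accepts_size_len(size_t len)
{
    return len <= BUF_CAP;
}

/* Bounded copy using size_t throughout; 0 on success, -1 if it does not fit. */
static int copy_bounded(char *dst, size_t cap, const char *src, size_t len)
{
    if (cap == 0 || len >= cap) /* keep one byte for the terminator */
        return -1;
    memcpy(dst, src, len);
    dst[len] = '\0';
    return 0;
}

int main(void)
{
    char buf[BUF_CAP];
    printf("int check accepts -1:    %d\n", accepts_int_len(-1));
    printf("copy size seen for -1:   %zu\n", as_copy_size(-1));
    printf("size_t check accepts it: %d\n", accepts_size_len(as_copy_size(-1)));
    printf("bounded copy of \"exim\":  %d\n", copy_bounded(buf, sizeof buf, "exim", 4));
    return 0;
}
```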
