https://bugs.exim.org/show_bug.cgi?id=2617
Jeremy Harris <jgh146...@wizmail.org> changed: What |Removed |Added ---------------------------------------------------------------------------- Assignee|unalloca...@exim.org |jgh146...@wizmail.org Status|NEW |ASSIGNED --- Comment #1 from Jeremy Harris <jgh146...@wizmail.org> --- Slightly awkward, since the problem buffer is passed in from the caller, and it's called in seven places. 0 src/acl.c acl_check_condition 3202 submission_name = string_copy(parse_fix_phrase(p+6, pp-p-6, 1 src/exim.c main 4772 originator_name = string_copy(parse_fix_phrase(originator_name, 2 src/functions.h moan_tell_someone 369 extern const uschar *parse_fix_phrase(const uschar *, int , uschar *, int ); 3 src/parse.c parse_fix_phrase 989 parse_fix_phrase(const uschar *phrase, int len, uschar *buffer, int buffer_size) 4 src/parse.c main 2118 printf("%s\n", CS parse_fix_phrase(buffer, Ustrlen(buffer), outbuff, 5 src/rewrite.c rewrite_one 298 pf1 = parse_fix_phrase(new, p1 - new, buff1, sizeof(buff1)); 6 src/rewrite.c rewrite_one 300 pf2 = parse_fix_phrase(p2, Ustrlen(p2), buff2, sizeof(buff2)); I'll go through the callers to see if I can discount any of them. [ We trap an attempted copy of tainted data into untainted-use memory ] -- You are receiving this mail because: You are on the CC list for the bug. -- ## List details at https://lists.exim.org/mailman/listinfo/exim-dev Exim details at http://www.exim.org/ ##