Hi, all I am reading exim code now. A piece of code in auth_client_item() come to my attention.
https://github.com/Exim/exim/blob/master/src/src/auths/get_data.c#L172 I didn't do full test. I wonder if `ss` could be something like this: '^^^^', or '^^aaaaaaaa^'. If so, then `len` could be less than `i`, lead to memory corruption in memmove. -- ## List details at https://lists.exim.org/mailman/listinfo/exim-users ## Exim details at http://www.exim.org/ ## Please use the Wiki with this list - http://wiki.exim.org/
