Hi, all

I am reading exim code now. A piece of code in auth_client_item()
come to my attention.

https://github.com/Exim/exim/blob/master/src/src/auths/get_data.c#L172

I didn't do full test.
I wonder if `ss` could be something like this: '^^^^', or '^^aaaaaaaa^'.
If so, then `len` could be less than `i`, lead to memory corruption in
memmove.

-- 
## List details at https://lists.exim.org/mailman/listinfo/exim-users
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/

Reply via email to