inn-workers Digest, Vol 60, Issue 3

inn-workers-request Tue, 18 Feb 2014 04:00:22 -0800

Send inn-workers mailing list submissions to
        [email protected]


To subscribe or unsubscribe via the World Wide Web, visit
        https://lists.isc.org/mailman/listinfo/inn-workers
or, via email, send a message with subject or body 'help' to
        [email protected]

You can reach the person managing the list at
        [email protected]

When replying, please edit your Subject line so it is more specific
than "Re: Contents of inn-workers digest..."


Today's Topics:

   1. Re: use of strlcpy on overlapping source and destination
      (Julien ?LIE)


----------------------------------------------------------------------

Message: 1
Date: Mon, 17 Feb 2014 14:29:49 +0100
From: Julien ?LIE <[email protected]>
To: [email protected]
Subject: Re: use of strlcpy on overlapping source and destination
Message-ID: <[email protected]>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed

Hi Florian,

> a little while back we had an issue where a user was denied posting with
> "address not in Internet syntax" while using a From address of the form
> [email protected]. Debugging revealed that nnrpd copies a buffer into itself to
> look at the part behind the "@", and for very specific inputs on an old
> version of nnrpd that still uses strcpy (and our particular libc), the
> result did not contain the dot separating the top-level domain any more.

This version of nnrpd using strcpy is indeed a bit old (2.3 or even more 
ancient).


> I'm unable to provide a working test case on current versions of nnrpd,
> but the From address check still copies overlapping parts of a buffer
> using strlcpy (and in INNs replacement implementation, memcpy), which
> can lead to undefined results. Fortunately the fix is easy, as making a
> copy is actually unnecessary (frombuf is not used later on):

It is something that needs fixing.
Thanks for your patch.  I have just committed it.  It will be shipped 
with INN 2.5.4.

-- 
Julien ?LIE

? Qu'est-ce que je vous sers pour arroser le sanglier bouilli ? De
   l'eau chaude, de la cervoise ti?de ou du vin rouge glac? ? ?
   (Ast?rix)


------------------------------

_______________________________________________
inn-workers mailing list
[email protected]
https://lists.isc.org/mailman/listinfo/inn-workers

End of inn-workers Digest, Vol 60, Issue 3
******************************************

inn-workers Digest, Vol 60, Issue 3

Reply via email to