On 2024/03/20 17:36:01 +0100, Tassilo Philipp <tphil...@potion-studios.com> 
> Hi,
> while working on the DSN patches mentioned in another thread, I came 
> across an oversight in the final ORCPT patch that will be part of 7.5.0.
> Find the patch attached - IMHO, this patch should make it into 7.5.0, as 
> it's fixing an error writing to a wrong buffer, which could be abused 
> (from a cursory review it looks safe as that wrong destination buffer 
> big enough, but I haven't checked it thoroughly).

Thanks for spotting!  This has been committed and will be included in
7.5 (both OpenBSD and -portable.)

I don't think this can be abused since the dsn_orcpt buffer is zeroed,
so we're just going to truncate `opt', that we won't look at it again.
In any case, this had to be fixed.

Reply via email to