#3636: Possible buffer overflow in smime.c
-----------------------+----------------------
Reporter: wfiveash | Owner: me
Type: defect | Status: assigned
Priority: major | Milestone:
Component: mutt | Version: 1.5.21
Resolution: | Keywords:
-----------------------+----------------------
Changes (by me):
* owner: mutt-dev => me
* status: new => assigned
Comment:
Looks like you are correct that the max field width does not include the
null terminator. The POSIX.1-2008 page is a little cryptic, but the
scanf() man page on my Ubuntu box says:
{{{
   o   An optional decimal integer which specifies the maximum field width.
       Reading of characters stops either when this maximum is reached or when
       a nonmatching character is found, whichever happens first. Most
       conversions discard initial white space characters (the exceptions are
       noted below), and these discarded characters don't count toward the
       maximum field width. String input conversions store a null terminator
       ('\0') to mark the end of the input; the maximum field width does not
       include this terminator.
}}}
--
Ticket URL: <http://dev.mutt.org/trac/ticket/3636#comment:2>
Mutt <http://www.mutt.org/>
The Mutt mail user agent
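
Added example, not part of the ticket and not Mutt's code: it shows where sscanf() stores the terminating NUL for a field width equal to the buffer size versus one less than it. FIELD, the function names and the input string are hypothetical; the backing array is one byte larger than FIELD so the extra write can be observed without undefined behaviour.

```c
#include <stdio.h>
#include <string.h>

#define FIELD 8  /* size of the logical destination buffer (constructed) */

/* Index of the first NUL in p[0..n), or -1 if none was stored. */
static int find_nul(const char *p, size_t n)
{
    for (size_t i = 0; i < n; i++)
        if (p[i] == '\0')
            return (int)i;
    return -1;
}

/* Width equal to the buffer size: up to 8 characters plus the NUL.
 * The backing array has one spare byte so the extra write is observable
 * without undefined behaviour. */
static int nul_index_width_8(const char *input)
{
    char backing[FIELD + 1];
    memset(backing, 'X', sizeof backing);
    if (sscanf(input, "%8s", backing) != 1)
        return -1;
    return find_nul(backing, sizeof backing);
}

/* Width of size - 1: at most 7 characters, NUL stays inside FIELD bytes. */
static int nul_index_width_7(const char *input)
{
    char backing[FIELD + 1];
    memset(backing, 'X', sizeof backing);
    if (sscanf(input, "%7s", backing) != 1)
        return -1;
    return find_nul(backing, sizeof backing);
}

int main(void)
{
    const char *input = "AAAAAAAAAAAA";  /* constructed 12-character token */
    printf("%%8s stores NUL at index %d (buffer holds 0..%d)\n",
           nul_index_width_8(input), FIELD - 1);
    printf("%%7s stores NUL at index %d\n", nul_index_width_7(input));
    return 0;
}
```

With a destination declared as char buf[FIELD], the first case writes one byte past the end; the width in the format string has to be the buffer size minus one.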