I tested courier and courier-authlib compiled with address sanitizer.
This uncovered an out-of-bounds memory access in the file
authgetconfig.c in courier-authlib:
    if (memcmp(p, env, l) == 0 &&
The problem here is that p might actually be shorter than l and thus
this reads invalid memory.
One possible fix (and probably the easiest) is to use strncmp instead.
See attached patch.
This is very similar to an issue I reported previously that got fixed
Please apply patch.
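An added example, not part of the original report and not courier-authlib code: a lookup that compares with strncmp so that a final line shorter than l is never read past its terminator. The names find_setting and demo, the NAME=value layout, the '=' check and the sample text are constructed for illustration.

```c
#include <stdlib.h>
#include <string.h>

/* Hypothetical helper, not courier-authlib code: find "NAME=value" in a
   NUL-terminated, newline-separated text and return a pointer to the
   value (length in *vlen), or NULL when NAME is absent. */
static const char *find_setting(const char *conf, const char *env, size_t *vlen)
{
    size_t l = strlen(env);
    const char *p = conf;

    while (*p) {
        /* strncmp stops at the NUL ending conf, so a short last line is
           not read past its end; memcmp(p, env, l) reads all l bytes.
           The '=' test (an assumption) runs only after l bytes matched. */
        if (strncmp(p, env, l) == 0 && p[l] == '=') {
            *vlen = strcspn(p + l + 1, "\n");
            return p + l + 1;
        }
        p += strcspn(p, "\n");          /* move to the end of this line */
        if (*p == '\n')
            p++;
    }
    return NULL;
}

/* Constructed driver: the text is copied into an exactly sized heap
   buffer so AddressSanitizer can see any read beyond the terminator. */
static int demo(const char *text, const char *env, const char *expect)
{
    size_t n = strlen(text) + 1, vlen = 0;
    char *conf = malloc(n);
    const char *v;
    int ok;
    if (conf == NULL) return 0;
    memcpy(conf, text, n);
    v = find_setting(conf, env, &vlen);
    ok = expect ? (v && vlen == strlen(expect) && !memcmp(v, expect, vlen))
                : (v == NULL);
    free(conf);
    return ok;
}

int main(void)
{
    return !(demo("A=1\nLOGLEVEL=2\n", "LOGLEVEL", "2") &&
             demo("A=1\nLOG", "LOGLEVEL", NULL));
}
```

Built with -fsanitize=address, swapping the strncmp call for memcmp(p, env, l) makes the second call in main read beyond the 8-byte buffer, which is the access described above.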
--- a/authgetconfig.c 2013-08-25 20:44:47.0 +0200
+++ b/authgetconfig.c 2015-11-14 19:08:02.909325278 +0100
@@ -76,7 +76,7 @@
for (i=0; i
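Review bot: in the @@ -76,7 +76,7 @@ hunk, the replacement for `if (memcmp(p, env, l) == 0 &&` stays in bounds only when p points at a NUL-terminated string, because strncmp stops at the terminator rather than at a known buffer end. Suggest a short comment at the call stating that p is NUL-terminated, and a check that whatever follows the `&&` reads p[l] only after the l-byte comparison has succeeded.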