Hanno Böck writes:
Hi,I tested courier and courier-authlib compiled with address sanitizer. This uncovered an out of bounds memory access in the file authgetconfig.c in courier-authlib: if (memcmp(p, env, l) == 0 && The problem here is that p might actually be shorter than l and thus this reads invalid memory. One possible fix (and probably the easiest) is to use strncmp instead. See attached patch.
This looks ok, thanks for finding this.
pgpVv0ipzwA8i.pgp
Description: PGP signature
------------------------------------------------------------------------------
_______________________________________________ courier-users mailing list courier-users@lists.sourceforge.net Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users
