Bug#547947: closed by Henrique de Moraes Holschuh <hmh at debian.org> (Bug#547947: fixed in cyrus-imapd-2.2 2.2.13-17)

Henrique de Moraes Holschuh hmh at debian.org
Wed Sep 23 14:26:06 UTC 2009


On Wed, 23 Sep 2009, Giuseppe Iuculano wrote:
> Upstream patch is incomplete, in sieve/bc_eval.c after increasing scount it is
> better to use snprintf to avoid buffer overruns. Attached is the debdiff I used
> for stable-security

Well, without the snprintf, the only way to overrun the buffer that I can
see is to use a platform were ints are bigger than 64 bits (there are 21
bytes in scount after the patch, which means it can take 20 digits, which is
exactly enough for 64-bit unsigned int and also for 64-bit signed int + "-"
sign).

I have updated the patch in SVN to also use snprintf, but I don't think that
warrants a new upload by itself at all since we don't have any >64bit
platforms.

-- 
  "One disk to rule them all, One disk to find them. One disk to bring
  them all and in the darkness grind them. In the Land of Redmond
  where the shadows lie." -- The Silicon Valley Tarot
  Henrique Holschuh





More information about the Pkg-Cyrus-imapd-Debian-devel mailing list