
trees-common.c

  • e9c45886
    Remove buggy use of trees_password_fd
    David Goulet authored
    
    Tomasz Miąsko reported multiple issues with the trees_read_line_fd using
    the trees_password_fd field. It is currently unused which used to be
    used by the unit tests and doveadm in the Posteo scrambler plugin.
    
    The issues are:
    
        In trees_read_line_fd(), this check is bad:
    
            if (bytes_read > MAXIMAL_PASSWORD_LENGTH)
    
        Currently it is incorrect because when "bytes_read >
        MAXIMAL_PASSWORD_LENGTH" is true, then buffer capacity is already
        exceeded (or just right if you take into account one byte slack
        allocated in str_new for terminating null). Moreover, the buffer
        will be overrun by one more byte in "pointer[0] = 0;" after leaving
        the loop.
    
    Reported-by: Tomasz Miąsko <tomasz.miasko@gmail.com>
    Signed-off-by: David Goulet <dgoulet@riseup.net>
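The off-by-one described in the commit message above, shown as an added example; this is not code from the project or from this commit. The page does not show the body of trees_read_line_fd(), so the loop shape is a hypothetical reconstruction, and `MAX_LEN`, `late_check_highest_write`, `read_line_bounded` and `fd_with` are assumed names with constructed sample input.

```c
#include <stdio.h>
#include <string.h>
#include <unistd.h>
#define MAX_LEN 8 /* constructed stand-in for MAXIMAL_PASSWORD_LENGTH */

/* Hypothetical late check: the limit is tested after the byte is stored.
 * Returns the highest offset written; pass an oversized buffer. */
size_t late_check_highest_write(int fd, char *buf) {
    char *pointer = buf;
    size_t bytes_read = 0;
    while (read(fd, pointer, 1) == 1 && *pointer != '\n') {
        pointer++;
        if (++bytes_read > MAX_LEN) break; /* offset MAX_LEN already holds data */
    }
    pointer[0] = 0; /* terminator lands one byte further */
    return (size_t)(pointer - buf);
}

/* Bounded form: test capacity before storing and keep room for the NUL.
 * Returns the line length, or -1 if the line does not fit in cap bytes. */
long read_line_bounded(int fd, char *buf, size_t cap) {
    size_t n = 0;
    char c;
    if (cap == 0) return -1;
    while (read(fd, &c, 1) == 1 && c != '\n') {
        if (n + 1 >= cap) { buf[0] = 0; return -1; }
        buf[n++] = c;
    }
    buf[n] = 0;
    return (long)n;
}

/* Read end of a pipe preloaded with constructed sample input. */
int fd_with(const char *s) {
    int p[2];
    if (pipe(p) != 0) return -1;
    ssize_t w = write(p[1], s, strlen(s));
    close(p[1]);
    if (w < 0) { close(p[0]); return -1; }
    return p[0];
}

int main(void) {
    char oversized[64], buf[MAX_LEN + 1];
    int a = fd_with("AAAAAAAAAAAAAAAAAAAA\n"), b = fd_with("AAAAAAAAAAAAAAAAAAAA\n");
    printf("late: %zu bounded: %ld\n", late_check_highest_write(a, oversized), read_line_bounded(b, buf, sizeof buf));
    close(a); close(b);
    return 0;
}
```

With a buffer of `MAX_LEN + 1` bytes, the last valid offset is `MAX_LEN`; the late-check reader reaches `MAX_LEN + 1` on an over-long line, while the bounded reader rejects the line before storing past the end.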