Re: [PATCH] fix insufficient memory allocation in imap/smtp code

[Simon Josefsson]

Enrico Scholz <address@hidden> writes:

> There was written 'line[pos + 1]' although only space for 'pos + 1'
> elements was allocated.

Thanks, pushed.

While reading the code, I noticed two other nits: 1) if getline for some
reason returns an empty string (e.g., if the first character read from
stdin is a NUL byte) the code write out of bounds, and 2) the code would
truncate strings with embedded NULs in input.  I fixed both:

http://git.savannah.gnu.org/cgit/gsasl.git/commit/

I think we are closing in on another release...

/Simon

> Signed-off-by: Enrico Scholz <address@hidden>
> ---
>  src/gsasl.c |    2 +-
>  1 files changed, 1 insertions(+), 1 deletions(-)
>
> diff --git a/src/gsasl.c b/src/gsasl.c
> index 81ce194..78bbc3c 100644
> --- a/src/gsasl.c
> +++ b/src/gsasl.c
> @@ -753,7 +753,7 @@ main (int argc, char *argv[])
>  
>                     if (pos < 2 || strcmp (&line[pos-2], "\r\n") != 0)
>                       {
> -                       char *tmp = realloc (line, pos + 1);
> +                       char *tmp = realloc (line, pos + 2);
>                         if (!tmp)
>                           error (EXIT_FAILURE, errno, "realloc");
>                         line = tmp;