diff options
| author | Matthias Andree <matthias.andree@gmx.de> | 2020-03-29 00:38:37 +0100 |
|---|---|---|
| committer | Matthias Andree <matthias.andree@gmx.de> | 2020-03-29 00:49:40 +0100 |
| commit | d9cfb9960dd1f39861e592d5eef4589810f2cb48 (patch) | |
| tree | f5697db99d98ae3765709441af067fc9ccdee2e1 /NEWS | |
| parent | e9f7a61890f9ecf6eb20490f6f9936dc6c9ea250 (diff) | |
| download | fetchmail-d9cfb9960dd1f39861e592d5eef4589810f2cb48.tar.gz fetchmail-d9cfb9960dd1f39861e592d5eef4589810f2cb48.tar.bz2 fetchmail-d9cfb9960dd1f39861e592d5eef4589810f2cb48.zip | |
Fix garbage at end of plugin string with %h and/or %p
Commit 418cda65 from merge request !5 fixed an input buffer overrun but at the
same time caused the terminating NUL byte in the output buffer to be written
too late, 2 bytes per placeholder.
Fix the size calculation for correctness, and use the output index
and not the output length to terminate the output string.
Fixes #16, reported by Stefan Thurner. [All references for Gitlab.]
Diffstat (limited to 'NEWS')
| -rw-r--r-- | NEWS | 10 |
1 files changed, 10 insertions, 0 deletions
@@ -65,6 +65,16 @@ removed from a 6.5.0 or newer release.) -------------------------------------------------------------------------------- +fetchmail-6.4.3 (WIP) + +## BUGFIX: +* fetchmail terminated the placeholder command string too late and included + garbage from the heap at the end of the string. Workaround: don't use place- + holders %h or %p in the --plugin string. Bug added in 6.4.0 when merging + Gitlab merge request !5 in order to fix an input buffer overrun. + Faulty commit 418cda65f752e367fa663fd13884a45fcbc39ddd. + Reported by Stefan Thurner. + fetchmail-6.4.2 (released 2020-02-14, 27473 LoC): ## BREAKING CHANGES: |