diff options
author | Matthias Andree <matthias.andree@gmx.de> | 2021-08-09 17:42:29 +0200 |
---|---|---|
committer | Matthias Andree <matthias.andree@gmx.de> | 2021-08-09 17:42:29 +0200 |
commit | d3db2da1d13bd2419370ad96defb92eecb17064c (patch) | |
tree | 3d6bd886cdf95fb45b56800d66175cbf3b37189f /fetchmail-SA-2008-01.txt | |
parent | f6ebe48b0a0cc75838d4b4f78e1af7f7d5cc96b9 (diff) | |
download | fetchmail-d3db2da1d13bd2419370ad96defb92eecb17064c.tar.gz fetchmail-d3db2da1d13bd2419370ad96defb92eecb17064c.tar.bz2 fetchmail-d3db2da1d13bd2419370ad96defb92eecb17064c.zip |
Fix --logfile and message truncation issue.
Regression in 6.4.20's security fix (Git commit c546c829).
We doubly incremented partial_message_size_used on modern systems
(stdard.h/vsnprintf), once in report_vbuild() and then again in
report_build(), so the 2nd and subsequent report_build() fragments
landed too late in the buffer. This will not cause overruns due to the
reallocation prior to the vsnprintf/sprintf, but it write starts behind
the '\0' byte, instead of right over it, so the string also gets
truncated to the first fragment written with report_vbuild().
Fix by moving the increment back into the #else...#endif part that does
not use report_vbuild().
Reported by: Jürgen Edner, Erik Christiansen
Diffstat (limited to 'fetchmail-SA-2008-01.txt')
0 files changed, 0 insertions, 0 deletions