aboutsummaryrefslogtreecommitdiffstats
path: root/website/security.html
diff options
context:
space:
mode:
authorMatthias Andree <matthias.andree@gmx.de>2021-08-09 17:42:29 +0200
committerMatthias Andree <matthias.andree@gmx.de>2021-08-09 17:42:29 +0200
commitd3db2da1d13bd2419370ad96defb92eecb17064c (patch)
tree3d6bd886cdf95fb45b56800d66175cbf3b37189f /website/security.html
parentf6ebe48b0a0cc75838d4b4f78e1af7f7d5cc96b9 (diff)
downloadfetchmail-d3db2da1d13bd2419370ad96defb92eecb17064c.tar.gz
fetchmail-d3db2da1d13bd2419370ad96defb92eecb17064c.tar.bz2
fetchmail-d3db2da1d13bd2419370ad96defb92eecb17064c.zip
Fix --logfile and message truncation issue.
Regression in 6.4.20's security fix (Git commit c546c829). We doubly incremented partial_message_size_used on modern systems (stdard.h/vsnprintf), once in report_vbuild() and then again in report_build(), so the 2nd and subsequent report_build() fragments landed too late in the buffer. This will not cause overruns due to the reallocation prior to the vsnprintf/sprintf, but it write starts behind the '\0' byte, instead of right over it, so the string also gets truncated to the first fragment written with report_vbuild(). Fix by moving the increment back into the #else...#endif part that does not use report_vbuild(). Reported by: Jürgen Edner, Erik Christiansen
Diffstat (limited to 'website/security.html')
0 files changed, 0 insertions, 0 deletions