DISCONTINUED:openSUSE:11.1:Update
File CVE-2010-4344.diff of Package exim
Subject: memory corruption in string_format code Bugzilla: beo#787, bnc#658731 CVE-ID: CVE-2010-4344 Index: exim-4.69/src/string.c =================================================================== --- exim-4.69.orig/src/string.c +++ exim-4.69/src/string.c @@ -1267,10 +1267,17 @@ while (*fp != 0) not OK, add part of the string (debugging uses this to show as much as possible). */ + if (p == last) + { + yield = FALSE; + goto END_FORMAT; + } if (p >= last - width) { yield = FALSE; width = precision = last - p - 1; + if (width < 0) width = 0; + if (precision < 0) precision = 0; } sprintf(CS p, "%*.*s", width, precision, s); if (fp[-1] == 'S')
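Review bot: the new early exit at the top of the hunk tests only `if (p == last)`, so a call that arrives with p already beyond last falls through to the clamped branch, where `sprintf(CS p, "%*.*s", width, precision, s);` runs with width and precision both 0 and still writes a terminating NUL at p, which is past last. Making the guard `if (p >= last)` would cover both cases and route them to END_FORMAT without touching the buffer. With that guard in place the two clamps (`if (width < 0) width = 0;` and `if (precision < 0) precision = 0;`) become unreachable, since `last - p - 1` is then never negative; if they are kept as defence in depth, a short comment would help, noting that a negative precision passed through `%.*s` is treated by sprintf as if no precision were given and a negative width as left-justification, which is why the unclamped values must not reach sprintf. The block comment above the hunk still only describes the "add part of the string" behaviour and should also mention the new bail-out path when no room is left.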