Summary: | net-mail/vpopmail _FORTIFY_SOURCE indicates presence of overflow | ||
---|---|---|---|
Product: | Gentoo Linux | Reporter: | Diego Elio Pettenò (RETIRED) <flameeyes> |
Component: | Current packages | Assignee: | Qmail Team (OBSOLETE) <qmail-bugs+disabled> |
Status: | RESOLVED FIXED | ||
Severity: | major | CC: | hardened |
Priority: | High | ||
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
Whiteboard: | |||
Package list: | Runtime testing required: | --- | |
Bug Depends on: | |||
Bug Blocks: | 259417 | ||
Attachments: | Build log |
Description
Diego Elio Pettenò (RETIRED)
2010-10-30 09:32:49 UTC
Created attachment 252563 [details]
Build log
This is a typical case of using a magic constant as the snprintf length argument instead of using sizeof to let the compiler insert the proper length. The offending calls in vlistlib.c can be fixed by doing: sed -e 's/\(snprintf(\s*\(LI->[a-zA-Z_]\+\),\s*\)[a-zA-Z_]\+,/\1 sizeof(\2),/' InCVS |