#2885: Buffer overflows in mutt_gecos_name Comment (by raylai):
Actually this is all that is necessary:
{{{
--- muttlib.c.orig Thu May 3 09:41:31 2007
+++ muttlib.c Thu May 3 13:54:16 2007
@@ -536,7 +536,9 @@ char *mutt_gecos_name (char *dest, size_t destlen, str
 {
 if (dest[idx] == '&')
 {
- memmove (&dest[idx + pwnl], &dest[idx + 1],
+ /* Don't move if destination is outside buffer. */
+ if (idx + pwnl < destlen)
+ memmove (&dest[idx + pwnl], &dest[idx + 1],
 MAX(destlen - idx - pwnl - 1, 0));
 memcpy (&dest[idx], pw->pw_name, MIN(destlen - idx - 1, pwnl));
 dest[idx] = toupper ((unsigned char) dest[idx]);
|||
-- Ticket URL: <http://dev.mutt.org/trac/ticket/2885#comment:1>
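Review bot: The `MAX(destlen - idx - pwnl - 1, 0)` clamp kept on the memmove length never takes effect, because `destlen` is `size_t` and the subtraction is therefore unsigned, wrapping to a very large value instead of going negative. The added `if (idx + pwnl < destlen)` is the only thing that bounds the move, so I would drop the clamp, brace the conditional, and record the dependency: `memmove (&dest[idx + pwnl], &dest[idx + 1], destlen - idx - pwnl - 1);` under a comment such as `/* length is unsigned; valid only because idx + pwnl < destlen */`. The following `memcpy` uses the same unsigned form in `MIN(destlen - idx - 1, pwnl)` and is only in bounds if `idx < destlen`, which presumably comes from the loop condition outside this hunk and should be confirmed there. Whether `dest[destlen - 1]` is still NUL after the branch where the move is skipped also depends on code not shown, since the body of `mutt_gecos_name` starts and ends outside the hunk.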