[PATCH] close potential buffer overflow in prot_flush (was: Re: [PATCH] imapd segfaults after broken pipe)

Henrique de Moraes Holschuh hmh at debian.org
Sun Jan 5 11:40:26 EST 2003


On Sun, 05 Jan 2003, Henrique de Moraes Holschuh wrote:
> On Sun, 05 Jan 2003, Gerd v. Egidy wrote:
> > > The attached patch fixes this.

The attached patch fixes the bug in prot_flush. It also adds an assert that
protects the code from another potentially lethal bug.

Gerd's patch fixes another issue, which is that putc really should not be
succeeding on write streams that are on error or closed.

-- 
  "One disk to rule them all, One disk to find them. One disk to bring
  them all and in the darkness grind them. In the Land of Redmond
  where the shadows lie." -- The Silicon Valley Tarot
  Henrique Holschuh
-------------- next part --------------
Index: lib/prot.c
===================================================================
RCS file: /home/cvs/debian/cyrus21-imapd/lib/prot.c,v
retrieving revision 1.9
diff -u -r1.9 prot.c
--- lib/prot.c	26 Oct 2002 13:00:17 -0000	1.9
+++ lib/prot.c	5 Jan 2003 16:25:55 -0000
@@ -214,6 +214,7 @@
 int prot_setflushonread(struct protstream *s, struct protstream *flushs)
 {
     assert(!s->write);
+    if (flushs) assert(flushs->write);
 
     s->flushonread = flushs;
     return 0;
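
Review bot: The new check at the top of prot_setflushonread wraps an assert in an if, which leaves an empty if body in any build where assert expands to nothing. Writing it as a single expression, assert(!flushs || flushs->write);, is equivalent and matches the style of the existing assert(!s->write); on the line above. A one-line comment stating that flushs must be a write stream (or NULL) would document the invariant for callers, since the function still returns 0 unconditionally and gives them no other signal.
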
@@ -589,6 +590,9 @@
 #endif /* HAVE_SSL */
 	if (n == -1 && errno != EINTR) {
 	    s->error = xstrdup(strerror(errno));
+	    /* Reset the output buffer, we are returning EOF */
+	    s->ptr = s->buf;
+	    s->cnt = s->maxplain;
 	    return EOF;
 	}
 
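
Review bot: The comment added in the n == -1 && errno != EINTR branch says what the two assignments do but not why they are needed. Given the subject of this patch, it should state that leaving s->ptr and s->cnt untouched on this path lets later writes keep advancing past the end of s->buf, and that any unsent data is dropped on purpose. The reset also relies on s->maxplain being the usable size of s->buf, which is worth saying next to the assignment. Only this one return EOF is covered by the hunk, so any other early error return in the same function that is not visible here should be checked for the same stale ptr/cnt state.
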

