changeset 7441:ffd549b542c5 HEAD

str_find_init() allocated too little memory for temporary suffixes buffer. Found by Diego Liziero.
author Timo Sirainen <tss@iki.fi>
date Sun, 30 Mar 2008 11:46:45 +0300
parents 213dd8e78ad8
children eec74a6ad62e
files src/lib/str-find.c
diffstat 1 files changed, 4 insertions(+), 2 deletions(-) [+]
--- a/src/lib/str-find.c	Sun Mar 30 11:43:33 2008 +0300
+++ b/src/lib/str-find.c	Sun Mar 30 11:46:45 2008 +0300
@@ -1,5 +1,7 @@
 /* Copyright (c) 2007-2008 Dovecot authors, see the included COPYING file */
 
+/* @UNSAFE: whole file */
+
 #include "lib.h"
 #include "str-find.h"
 
@@ -53,7 +55,7 @@
 	unsigned int j, *suffixes;
 	int i;
 
-	suffixes = t_buffer_get(ctx->key_len);
+	suffixes = t_buffer_get(sizeof(*suffixes) * ctx->key_len);
 	init_suffixes(ctx, suffixes);
 
 	for (i = 0; i < (int)ctx->key_len; i++)
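Review bot: The corrected size `sizeof(*suffixes) * ctx->key_len` on the `t_buffer_get()` line is an unchecked multiplication, and the loop right below it narrows the same length with `(int)ctx->key_len`. The type and upper bound of `key_len` are not visible here, but if a caller can pass a very long key, the product could wrap and request an undersized buffer again, or the cast could go negative. An explicit bound before the allocation would document and enforce the assumption, e.g. `i_assert(ctx->key_len <= INT_MAX / sizeof(*suffixes));`. It is also worth a short comment that `suffixes` is an unreserved temporary buffer, so nothing called before its last use may allocate from the data stack; whether `init_suffixes()` honours that cannot be confirmed from this hunk. The enclosing function starts and ends outside the hunk.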
@@ -71,7 +73,7 @@
 	for (i = 0; i <= (int)ctx->key_len - 2; i++)
 		ctx->goodtab[len_1 - suffixes[i]] = len_1 - i;
 }
- 
+
 struct str_find_context *str_find_init(pool_t pool, const char *key)
 {
 	struct str_find_context *ctx;