http://bugzilla.suse.com/show_bug.cgi?id=1084647
http://bugzilla.suse.com/show_bug.cgi?id=1084647#c4
--- Comment #4 from Martin Liška
cyrus-sasl uses this problematic variable-length structure:

    /* Plain text password structure.
     * len is the length of the password, data is the text.
     */
    typedef struct sasl_secret {
        unsigned long len;
        unsigned char data[1];  /* variable sized */
    } sasl_secret_t;

It allocates memory for it like this:

    sec = sparams->utils->malloc(sizeof(sasl_secret_t) + len);

And then gcc checks catch the "overflow" in e.g.:

    strncpy((char *)sec->data, auxprop_values[0].values[0], len + 1);

Thanks. That said, let me take a look.
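
The same layout written with a C99 flexible array member, so the declared type no longer says the payload is one byte long. This is an added example, not code from cyrus-sasl or from the bug report; the names secret_fam_t, secret_legacy_t, secret_fam_size and secret_fam_new are hypothetical and the sample password is constructed.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Layout quoted in the comment: sizeof() counts data[1] plus padding. */
typedef struct { unsigned long len; unsigned char data[1]; } secret_legacy_t;

/* Hypothetical replacement type using a C99 flexible array member. */
typedef struct { unsigned long len; unsigned char data[]; } secret_fam_t;

/* Header + len payload bytes + NUL terminator; 0 if the sum would wrap. */
static size_t secret_fam_size(size_t len)
{
    const size_t hdr = offsetof(secret_fam_t, data);
    if (len > SIZE_MAX - hdr - 1)
        return 0;
    return hdr + len + 1;
}

/* Allocate and fill a secret from a NUL-terminated string. Caller frees. */
static secret_fam_t *secret_fam_new(const char *src)
{
    if (src == NULL)
        return NULL;
    size_t len = strlen(src);
    size_t total = secret_fam_size(len);
    if (total == 0)
        return NULL;
    secret_fam_t *sec = malloc(total);
    if (sec == NULL)
        return NULL;
    sec->len = (unsigned long)len;
    memcpy(sec->data, src, len);   /* destination size is known: len + 1 */
    sec->data[len] = '\0';
    return sec;
}

int main(void)
{
    secret_fam_t *sec = secret_fam_new("hunter2"); /* constructed sample */
    if (sec == NULL)
        return 1;
    printf("legacy sizeof=%zu, fam header=%zu, stored len=%lu\n",
           sizeof(secret_legacy_t), offsetof(secret_fam_t, data), sec->len);
    free(sec);
    return 0;
}
```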