search for: pstrdup

...elow is a bit of a hack. in some sense the remote_ip might make more sense in the AUTH_LOGIN_REQUEST_NEW packet rather than the continue packet... but that looked like i'd have to change more code :) btw -- is there anything which stops mech_plain_auth_continue from doing a somewhat unbounded pstrdup if you send "a\0b" for the auth string? -dean diff -rpu dovecot-0.99.10.6.deborig/debian/changelog dovecot-0.99.10.6/debian/changelog --- dovecot-0.99.10.6.deborig/debian/changelog 2004-07-08 18:11:55.000000000 -0700 +++ dovecot-0.99.10.6/debian/changelog 2004-07-08 18:34:40.000000000 -...

...libraries, can be up to 255 characters long, is stuffed into this buffer, along with the string "apache=" and a number. The offending code reads: void make_cookie(request_rec *r) { struct timeval tv; char new_cookie[100]; /* blurgh */ char *dot; const char *rname = pstrdup(r->pool, get_remote_host(r->connection, r->per_dir_config, REMOTE_NAME)); struct timezone tz = { 0 , 0 }; if ((dot = strchr(rname,''.''))) *dot=''\0''; /* First bit of host...