[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Segmentation faults and malloc checkers

On Friday 26 April 2002 05:53, Howard Chu wrote:
> Optimization or not, this sounds suspicious to me. Pointing them out would
> be a good start.

sasl_getdn in sasl.c has:
        if( id &&
                ( id[sizeof( "anonymous" )-1] == '\0'
                        || id[sizeof( "anonymous" )-1] == '@' ) &&
                !strncasecmp( id, "anonymous", sizeof( "anonymous" )-1) ) {

If strlen(id)<sizeof("anonymous")-1 then the two subsequent checks read off 
the end of the id string.

For debugging, I've fixed this by changing the first line to:

if (id && strlen(id)<(sizeof(anonymous)-1) && 

You could also solve it by reordering, so that the strncasecmp comes 
immediately after the test on 'id'.



Simon Wilkinson            <simon@sxw.org.uk>          http://www.sxw.org.uk
"Go not to the elves for counsel, for they will say both yes and no.
-- J.R.R. Tolkien