cURL / Mailing Lists / curl-library / Single Mail


RE: [SECURITY ADVISORY] libcurl SASL buffer overflow

From: Steve Holme <>
Date: Sun, 10 Feb 2013 17:14:16 +0000


On Sun, 10 Feb 2013, Alessandro Ghedini wrote:

> I'm working on adapting the above patch for curl
> 7.26.0 which is the version currently in Debian
> Wheezy (being it in freeze, it's not possible to
> update to 7.29.0).
> Could someone please have a look at the
> attached patch? Is it enough, or is there
> someting I've missed?

No that pretty much covers it. The main thing is to use a buffer size aware
string copy function on both the uri and response strings.

My only comment if you wanted to reduce code a little and save the amount of
work snprintf() has to do is to replace the service variable and the
following line:

+ snprintf(uri, sizeof(uri), "%s/%s", service, realm);


+ snprintf(uri, sizeof(uri), "smtp/%s", realm);

I hope this helps.

Kind Regards

List admin:
Received on 2013-02-10