cURL / Mailing Lists / curl-library / Single Mail


Re: [SECURITY ADVISORY] libcurl SASL buffer overflow

From: Alessandro Ghedini <>
Date: Mon, 11 Feb 2013 14:34:43 +0100

On dom, feb 10, 2013 at 05:14:16 +0000, Steve Holme wrote:
> My only comment if you wanted to reduce code a little and save the amount of
> work snprintf() has to do is to replace the service variable and the
> following line:
> + snprintf(uri, sizeof(uri), "%s/%s", service, realm);
> With:
> + snprintf(uri, sizeof(uri), "smtp/%s", realm);

On dom, feb 10, 2013 at 06:03:40 +0100, Daniel Stenberg wrote:
> If I would make the patch, I would not introduce a new local array
> named 'service'. I would just have that first snprintf() use "smtp"
> instead of the first %s. But that's just a matter of style and
> taste, not a technical issue.

I have updated my patch to not use a separate service[] (for the curious, see
attachment). Btw, to anyone who may need it, feel free to use it.

Thanks to both!


perl -E '$_=q;$/= @{[@_]};and s;\S+;<inidehG ordnasselA>;eg;say~~reverse'

List admin:

Received on 2013-02-11