[prev in list] [next in list] [prev in thread] [next in thread] 

List:       c-client
Subject:    Re: buffer size checking in rfc822_[write_]address?
From:       Mark Crispin <mrc () CAC ! Washington ! EDU>
Date:       2001-09-27 22:27:04
[Download RAW message or body]

On Tue, 4 Sep 2001, Vadim Zeitlin wrote:
>  are there any plans to add checks for the provided buffer size (i.e. an
> additional size_t argument) for these 2 functions?

These are very old functions (from the very first version of c-client!)
and, as you discovered, don't buffer check.  It was a kinder gentler world
back then, when nobody sent messages to 100+ addresses unless they were
using a defined mailing list, and you got flamed if you had more than
about 10 lines of header in your message...  :-)

You need to do something like what is done by mail_search_addr() to limit
check your buffer.  Pine does something similar.  Eventually, something
better will be done, but it is low down on my list of priorities since
it'll involve an interface change (meaning compatibility macros, sigh).

-- Mark --

http://staff.washington.edu/mrc
Science does not emerge from voting, party politics, or public debate.

[prev in list] [next in list] [prev in thread] [next in thread]