On 2016-04-21, none <[email protected]> wrote:
> Hello,
>
> As you know, using signed int instead of size_t for string size handling
> is a common source of potential remote code execution…
> The use of int in strn* functions and elsewhere seems to be the norm for
> exim (with a few exceptions). While I agree most integers in that case
> will never grow up to INT_MAX.

It seems to me that exim refuses to manipulate strings over 32767 bytes long. That should be enough to make it safe.

--
\_(ツ)_

--
## List details at https://lists.exim.org/mailman/listinfo/exim-dev Exim details at http://www.exim.org/ ##
