Perfect, thanks! You are right, this didn't copy anything. I just
noticed it now, b/c I need that param for the DSN work I'm currently
working on.
And sorry for not spotting this earlier, when I tested that final
version of the ORCPT patch, a while ago.
:)
On Wed, Mar 20, 2024 at 07:08:40PM +0100, Omar Polo wrote:
On 2024/03/20 17:36:01 +0100, Tassilo Philipp <tphil...@potion-studios.com>
wrote:
Hi,
while working on the DSN patches mentioned in another thread, I came
across an oversight in the final ORCPT patch that will be part of 7.5.0.
Find the patch attached - IMHO, this patch should make it into 7.5.0, as
it's fixing an error writing to a wrong buffer, which could be abused
(from a cursory review it looks safe as that wrong destination buffer
big enough, but I haven't checked it thoroughly).
Thanks for spotting! This has been committed and will be included in
7.5 (both OpenBSD and -portable.)
I don't think this can be abused since the dsn_orcpt buffer is zeroed,
so we're just going to truncate `opt', that we won't look at it again.
In any case, this had to be fixed.