Closed
Bug 429630
Opened 16 years ago
Closed 16 years ago
Bug 362213 – heap overflow in MimeExternalBody_parse_eof still may cause trouble
Categories
(Thunderbird :: Security, defect)
Tracking
(Not tracked)
RESOLVED
INVALID
People
(Reporter: guninski, Assigned: dveditz)
Details
Bug 362213 Comment #9

>David Bienvenu 2006-12-04 07:37:03 PDT
>all the strings get concatenated together, so we have to add all the strlens...
>you're right that 100 is too small - it needs to be ~76 (the total length of
>the header strings) + (4 * 12) (the per header overhead times the number of
>possible headers). That would handle the case where all the headers are
>present...So 150 would be a safe number...

http://bonsai.mozilla.org/cvsblame.cgi?file=mozilla/mailnews/mime/src/mimeebod.cpp&rev=1.31&mark=333#333

333 (url ? strlen(url) : 0) + 100);

as per the quoted comment the constant 100 seems wrong, probably leading to overflow...
Reporter
Updated•16 years ago
Whiteboard: [sg: critical?]
Reporter
Comment 1•16 years ago
ooops, this paranoia was unjustified. see Bug 362213 Comment #12 => invalid according to real debugging
Whiteboard: [sg: critical?]
Reporter
Updated•16 years ago
Status: NEW → RESOLVED
Closed: 16 years ago
Resolution: --- → INVALID
Assignee
Updated•16 years ago
Group: security