Found bug in send.c, function: smtp_answer (libbalsa directory) in balsa 1.0.0


The function looks like this (I have removed comments and empty lines):

static int smtp_answer(int fd) {                                           
    char *tmp, buffer[512];                     
    char code[4];
    int bytes = 0;
    tmp = buffer;                                                          
    bytes = (int) read(fd, tmp, sizeof(buffer));                           
    strncpy(code, buffer, 3);                                              
    switch (atoi(code)) {   

So, the array code[4] is not initialised to have '0'. Because this is a local
variable, the compiler doesn't initialise it either.
The function strncpy doesn't add a null character at the end.
An uninitialised variable may contain anything.
And if there is a digit in code[3], then we have a problem.
So before doing atoi we should put something like this:

It fixes a strange bug that I described earlier in the message:
Funny bug in balsa 1.0.0 (from rpm)
which was sent to the list on 2000.12.22.

Best Regards,

Olaf Frączyk
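
Added example, not part of the original post and not balsa's code: the strncpy/atoi pattern described above next to a bounded parse of the 3-digit reply code. The names legacy_reply_code and smtp_reply_code, the `stale` parameter and the sample reply are assumptions made for this illustration.

```c
#include <ctype.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Pattern from the post. `stale` models whatever byte happens to sit in
 * code[3] on the stack; code[4] exists only to keep this demo well defined. */
int legacy_reply_code(const char *buf, char stale)
{
    char code[5] = { 0 };

    code[3] = stale;
    strncpy(code, buf, 3);      /* copies 3 bytes, writes no terminator */
    return atoi(code);          /* keeps reading into code[3] */
}

/* Hypothetical hardened helper: `len` is the value read() returned.
 * Returns the 3-digit reply code, or -1 if the input is not usable. */
int smtp_reply_code(const char *buf, long len)
{
    char code[4];

    if (len < 3)                /* read() error (-1) or short read */
        return -1;
    for (int i = 0; i < 3; i++)
        if (!isdigit((unsigned char)buf[i]))
            return -1;
    memcpy(code, buf, 3);
    code[3] = '\0';             /* explicit terminator before atoi() */
    return atoi(code);
}

int main(void)
{
    const char reply[] = "250 OK\r\n";   /* constructed sample server reply */

    printf("legacy, stale '7': %d\n", legacy_reply_code(reply, '7'));
    printf("legacy, stale NUL: %d\n", legacy_reply_code(reply, '\0'));
    printf("hardened:          %d\n", smtp_reply_code(reply, (long)strlen(reply)));
    printf("hardened, short:   %d\n", smtp_reply_code("25", 2));
    return 0;
}
```

With a digit left in code[3] the legacy parse turns a 250 reply into 2507, which no case label in a switch on SMTP codes would match; the hardened helper also rejects a failed or short read() instead of parsing leftover buffer contents.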
