dovecot-1.1: str_find_init() allocated too little memory for tem...

[dovecot at dovecot.org]

details:   http://hg.dovecot.org/dovecot-1.1/rev/ffd549b542c5
changeset: 7441:ffd549b542c5
user:      Timo Sirainen <tss at iki.fi>
date:      Sun Mar 30 11:46:45 2008 +0300
description:
str_find_init() allocated too little memory for temporary suffixes buffer.
Found by Diego Liziero.

diffstat:

1 file changed, 4 insertions(+), 2 deletions(-)
src/lib/str-find.c |    6 ++++--

diffs (28 lines):

diff -r 213dd8e78ad8 -r ffd549b542c5 src/lib/str-find.c
--- a/src/lib/str-find.c	Sun Mar 30 11:43:33 2008 +0300
+++ b/src/lib/str-find.c	Sun Mar 30 11:46:45 2008 +0300
@@ -1,4 +1,6 @@
 /* Copyright (c) 2007-2008 Dovecot authors, see the included COPYING file */
+
+/* @UNSAFE: whole file */
 
 #include "lib.h"
 #include "str-find.h"
@@ -53,7 +55,7 @@ static void init_goodtab(struct str_find
 	unsigned int j, *suffixes;
 	int i;
 
-	suffixes = t_buffer_get(ctx->key_len);
+	suffixes = t_buffer_get(sizeof(*suffixes) * ctx->key_len);
 	init_suffixes(ctx, suffixes);
 
 	for (i = 0; i < (int)ctx->key_len; i++)
@@ -71,7 +73,7 @@ static void init_goodtab(struct str_find
 	for (i = 0; i <= (int)ctx->key_len - 2; i++)
 		ctx->goodtab[len_1 - suffixes[i]] = len_1 - i;
 }
- 
+
 struct str_find_context *str_find_init(pool_t pool, const char *key)
 {
 	struct str_find_context *ctx;