fnordomat
commented
8 years ago I'll call it a day then and close the issue.
Closed fnordomat closed 8 years ago
fnordomat
commented
8 years ago I'll call it a day then and close the issue.
A bad configuration file can trigger several buffer overflows. When the user=... line is very long, parseConfig() segfaults. When the user=... line is still too long, the password field is read into the username.
I haven't found any obviously remotely exploitable instances at a quick glance (there is a sprintf that can overflow somewhat in delete_status_by_id by writing a printed representation of a
remotely suppliedinteger into a buffer, but the buffer is only slightly too short for large integers).Will fix