A bad configuration file can trigger several buffer overflows.
When the user=... line is very long, parseConfig() segfaults.
When the user=... line is still too long, the password field is read into the username.
I haven't found any obviously remotely exploitable instances at a quick glance (there is a sprintf that can overflow somewhat in delete_status_by_id by writing a printed representation of a remotely supplied integer into a buffer, but the buffer is only slightly too short for large integers).
Will fix:
- all the sprintf's (better safe than sorry)
- reliance on strlen to fix bounds (which causes the parseConfig overflow)
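The two fixes listed in the report, sketched as an added example that is not the project's code or the reporter's patch: a config-line parser that takes its bound from the destination size rather than from strlen() of the input, and an integer formatter that uses snprintf and reports truncation. The names `parse_kv_line`, `format_id` and `FIELD_MAX` are hypothetical, and the buffer sizes are assumptions.

```c
#include <stdio.h>
#include <string.h>

#define FIELD_MAX 64   /* assumed field size; the project's real size is not on the page */

/* Hypothetical helper: copy the value of "key=value\n" into out (size outsz).
 * Returns 0 on success, -1 if the key does not match or the value does not fit.
 * The bound comes from the destination size, never from strlen() of the input. */
int parse_kv_line(const char *line, const char *key, char *out, size_t outsz)
{
    size_t klen = strlen(key);
    if (outsz == 0 || strncmp(line, key, klen) != 0 || line[klen] != '=')
        return -1;
    const char *val = line + klen + 1;
    size_t vlen = strcspn(val, "\r\n");      /* value ends at end of line */
    if (vlen >= outsz) {                      /* too long: reject, do not truncate */
        out[0] = '\0';
        return -1;
    }
    memcpy(out, val, vlen);
    out[vlen] = '\0';
    return 0;
}

/* Hypothetical helper: print an id into buf with snprintf and report truncation
 * instead of writing past the end as sprintf would. */
int format_id(char *buf, size_t bufsz, unsigned long long id)
{
    int n = snprintf(buf, bufsz, "%llu", id);
    return (n < 0 || (size_t)n >= bufsz) ? -1 : n;
}

int main(void)
{
    char user[FIELD_MAX], longline[512] = "user=";
    memset(longline + 5, 'A', 400);           /* constructed overlong user= line */
    longline[405] = '\n'; longline[406] = '\0';
    printf("short: %d\n", parse_kv_line("user=alice\n", "user", user, sizeof user));
    printf("long:  %d\n", parse_kv_line(longline, "user", user, sizeof user));
    char idbuf[8];
    printf("id:    %d\n", format_id(idbuf, sizeof idbuf, 18446744073709551615ULL));
    return 0;
}
```

Rejecting an overlong value outright, rather than truncating it, also keeps the remainder of the line from being interpreted as the next field.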