Fabre

#724279 ssmtp-1.64 bug report #724279

Package:: ssmtp

Source:: ssmtp

Description:: extremely simple MTA to get mail off the system to a mail hub

Submitter:: David Binderman

Date:: 2026-02-27 10:55:02 UTC

Severity:: normal

#724279#5

Date:: 2013-09-23 09:55:03 UTC

From:

To:

Package:ssmtp

Hello there,

I just ran the static analysis tool "cppcheck" over the source
code of ssmtp-2.64

It said many things, including

[arpadate.c:70]: (error) Buffer is accessed out of bounds.
[arpadate.c:72]: (error) Buffer is accessed out of bounds.

Source code is

  if (offset>= 0)
    sprintf (timezone, "+%02d%02d", offset / 60, offset % 60);
  else
    sprintf (timezone, "-%02d%02d", -offset / 60, -offset % 60);

so that's six bytes written into timezone. But

  static char timezone[3];


Suggest increase size of timezone

Regards

David Binderman

#724279 ssmtp-1.64 bug report #724279

Just Reply to ...

Reply to submitter ...

Send control command (Silently)

Set Architecture Tags (Silently)