Security fixes for Exim are out. Here's one for an out-of-bounds write in its external authenticator code:
- auth_vars[expand_nmax] = s;
+ auth_vars[expand_nmax = 1] = s;
Which certainly doesn't look like an error-prone way of resetting how many numbered strings you've expanded.
Incidentally, two of these three variables are globals. That's not particularly surprising since Exim has well over 700 of them.
Anyway, I'm sure nothing like this will happen again now these are fixed.
@de22920b I'm not too familiar with SQLite. Let's see.
`INSERT INTO kv_store (project, key, value, time) VALUES (?, ?, ?, datetime()) ON CONFLICT (project,key) DO UPDATE SET value=value+?,time=datetime() RETURNING VALUE`
With a unique index on `(project, key)`
Notes by Thomas Hurst | export