27 Jun 2015, 7:05 p.m.
Hi,
I discovered an out of bounds read error in the file wildcard_match.c. Here's the code:

    /* find the end of each string */
    while (*(++mask));
    mask--;
    while (*(++data));
    data--;

The problem with this: It will search for the end of the strings (zero-terminated), but it'll only start at position 1, not at position 0 (because the ++ in front of the variable will first increment and then return the value). However, these strings can be empty.
This can be fixed by changing ++mask to mask++ (and same for data), then there must be a -=2 instead of -- afterwards. See attached patch.
I found this by compiling dovecot with address sanitizer and running the test suite.
cu,
Hanno Böck http://hboeck.de/
mail/jabber: hanno@hboeck.de GPG: BBB51E42
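
The two scans described in the message above, as an added example that is not part of the original post, the attached patch, or Dovecot's code. It models both loops with indices over buffers of known size so the read past the terminator is recorded rather than performed; the names scan_preinc, scan_postinc and struct scan are hypothetical, and the inputs are constructed.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Outcome of one end-of-string scan: index of the last character found
   and whether a byte after the terminating NUL was examined. */
struct scan { long last; int overread; };

/* Model of the reported loop: while (*(++p)); p--; */
static struct scan scan_preinc(const char *buf, size_t size)
{
    struct scan r = {0, 0};
    size_t nul = strlen(buf), i = 0;
    for (;;) {
        i++;                              /* advance first: byte 0 is never tested */
        if (i > nul) r.overread = 1;      /* position i lies past the terminator */
        if (i >= size || buf[i] == '\0') break;
    }
    r.last = (long)i - 1;
    return r;
}

/* Model of the proposed fix: while (*(p++)); p -= 2; */
static struct scan scan_postinc(const char *buf, size_t size)
{
    struct scan r = {0, 0};
    size_t nul = strlen(buf), i = 0;
    for (;;) {
        size_t rd = i++;                  /* test the old position, then advance */
        if (rd > nul) r.overread = 1;
        if (rd >= size || buf[rd] == '\0') break;
    }
    r.last = (long)i - 2;                 /* -1 means the string is empty */
    return r;
}

int main(void)
{
    /* Constructed input: an empty string followed by unrelated bytes
       standing in for whatever sits next to it in memory. */
    static const char adj[4] = "\0xy";
    struct scan pre = scan_preinc(adj, sizeof adj);
    struct scan post = scan_postinc(adj, sizeof adj);
    printf("pre-increment:  last=%ld overread=%d\n", pre.last, pre.overread);
    printf("post-increment: last=%ld overread=%d\n", post.last, post.overread);
    return 0;
}
```

For non-empty strings both models agree; they differ only when the first byte is the terminator, which is the case the sanitizer run exposed.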