On Tue, Mar 29, 2016 at 8:38 PM, Stefan Beller <sbeller@xxxxxxxxxx> wrote: > `strlen` returns the length of a string without the terminating null byte. > To make sure enough memory is allocated we need to pass `strlen(..) + 1` > to the allocation function. > > Signed-off-by: Stefan Beller <sbeller@xxxxxxxxxx> > --- > imap-send.c | 2 +- > 1 file changed, 1 insertion(+), 1 deletion(-) > > diff --git a/imap-send.c b/imap-send.c > index 2c52027..f7e9909 100644 > --- a/imap-send.c > +++ b/imap-send.c > @@ -872,7 +872,7 @@ static char *cram(const char *challenge_64, const char *user, const char *pass) > * enough upper bound for challenge (decoded result). > */ > encoded_len = strlen(challenge_64); > - challenge = xmalloc(encoded_len); > + challenge = xmalloc(encoded_len + 1); 'challenge' is never used as a NUL-terminated string, and EVP_DecodeBlock() is not advertised as adding a terminating NUL, so why is this an improvement? > decoded_len = EVP_DecodeBlock((unsigned char *)challenge, > (unsigned char *)challenge_64, encoded_len); > if (decoded_len < 0) > -- -- To unsubscribe from this list: send the line "unsubscribe git" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html