Skip to content

Out of bound access for get_arpadate function #13

New issue
New issue
Open
Bug
Open
Out of bound access for get_arpadate function#13
Bug
Labels
bugSomething isn't workinggood first issueGood for newcomers
@Syed-Shahrukh-OSSRevival

Description

@Syed-Shahrukh-OSSRevival
Syed-Shahrukh-OSSRevival
opened on Feb 27, 2026

https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=724279

I just ran the static analysis tool "cppcheck" over the source
code of ssmtp-2.64

It said many things, including

[arpadate.c:70]: (error) Buffer is accessed out of bounds.
[arpadate.c:72]: (error) Buffer is accessed out of bounds.

Source code is

 
  if (offset>= 0)
    sprintf (timezone, "+%02d%02d", offset / 60, offset % 60);
  else
    sprintf (timezone, "-%02d%02d", -offset / 60, -offset % 60);

so that's six bytes written into timezone. But

static char timezone[3];

Suggest increase size of timezone

Metadata

Metadata

Assignees

No one assigned

    Labels

    bugSomething isn't workinggood first issueGood for newcomers

    Type

    Bug

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions