Description of problem:

The Cyrus SASL library contains a buffer overflow vulnerability that could allow an attacker to execute code or cause a vulnerable program to crash. The sasl_encode64() function converts a string into base64. Under some conditions sasl_encode64() does not terminate its output with a NUL character. Especially in this case: sasl_encode64(in, inlen, out, outmax, &outlen) with outmax exactly the size of the output according to inlen (without the trailing zero).

Postfix allocates the buffer correctly; the length is computed to also include the trailing zero.
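
The buffer-sizing rule discussed in this report, shown as an added example that is not part of the report and is not Cyrus SASL or Postfix code. The names b64_buf_size and encode64_checked are hypothetical; the encoder refuses a buffer that fits the base64 text exactly but leaves no room for the trailing NUL, and always terminates its output on success.

```c
#include <stddef.h>
#include <string.h>

/* Hypothetical helper: bytes a caller must allocate for the base64 text
 * of inlen input bytes, including the trailing NUL. */
size_t b64_buf_size(size_t inlen)
{
    return 4 * ((inlen + 2) / 3) + 1;
}

/* Hypothetical checked encoder (not the Cyrus SASL implementation).
 * Returns 0 on success, -1 if out cannot hold the text plus the NUL. */
int encode64_checked(const unsigned char *in, size_t inlen,
                     char *out, size_t outmax, size_t *outlen)
{
    static const char tab[] =
        "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/";
    size_t need = b64_buf_size(inlen);   /* encoded length + 1 for NUL */
    size_t i, o = 0;

    /* Reject the exact-fit case from the report: outmax equal to the
     * encoded length leaves no room for the terminator. */
    if (out == NULL || outmax < need)
        return -1;

    for (i = 0; i + 2 < inlen; i += 3) { /* full 3-byte groups */
        out[o++] = tab[in[i] >> 2];
        out[o++] = tab[((in[i] & 0x03) << 4) | (in[i + 1] >> 4)];
        out[o++] = tab[((in[i + 1] & 0x0f) << 2) | (in[i + 2] >> 6)];
        out[o++] = tab[in[i + 2] & 0x3f];
    }
    if (i < inlen) {                     /* 1 or 2 leftover bytes */
        unsigned b1 = (i + 1 < inlen) ? in[i + 1] : 0;
        out[o++] = tab[in[i] >> 2];
        out[o++] = tab[((in[i] & 0x03) << 4) | (b1 >> 4)];
        out[o++] = (i + 1 < inlen) ? tab[(b1 & 0x0f) << 2] : '=';
        out[o++] = '=';
    }
    out[o] = '\0';                       /* always terminate */
    if (outlen != NULL)
        *outlen = o;
    return 0;
}
```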