There are 3 buffer overflows in jid.c that are triggered
during parsing of JID strings when components (user, host or
resource) are too long.
- jid.c, line 103: overflow in `str' buffer through strcpy()
  when "user" part is too long.
- jid.c, line 115: overflow in `str' buffer through strcpy()
  when "host" part is too long.
- jid.c, line 127: overflow in `str' buffer through strcpy()
  when "resource" part is too long.
These overflows can be used to perform a DoS attack on the
server (sm process segfaults) and can possibly be used for
arbitrary code execution.
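
A bounded version of the component copy, as an added example (not the project's own code or its actual fix): each JID part is length-checked before it is copied into a fixed buffer, and over-long input is rejected rather than passed to strcpy(). The struct, the function names and the 1023-byte per-part limit are assumptions made for this illustration.

```c
#include <stddef.h>
#include <string.h>

/* Assumed limit for this example: 1023 bytes per part, as in the XMPP
 * address format; the real size of `str' in jid.c is not shown on the page. */
#define PART_MAX 1023

struct jid_parts {            /* hypothetical type, not taken from jid.c */
    char user[PART_MAX + 1];
    char host[PART_MAX + 1];
    char resource[PART_MAX + 1];
};

/* Copy len bytes into a fixed buffer only if they fit with the terminator.
 * An unchecked strcpy() here is what overflows on a too-long component. */
static int copy_part(char *dst, size_t dstsz, const char *src, size_t len)
{
    if (len >= dstsz)
        return -1;            /* reject instead of truncating or overflowing */
    memcpy(dst, src, len);
    dst[len] = '\0';
    return 0;
}

/* Split "user@host/resource" into bounded buffers. Returns 0 on success,
 * -1 if the host is empty or any component exceeds PART_MAX bytes. */
int jid_split_checked(const char *in, struct jid_parts *out)
{
    const char *slash = strchr(in, '/');           /* resource starts here */
    const char *end = slash ? slash : in + strlen(in);
    const char *at = memchr(in, '@', (size_t)(end - in));
    const char *host = at ? at + 1 : in;

    memset(out, 0, sizeof *out);
    if (host == end)
        return -1;
    if (at && copy_part(out->user, sizeof out->user, in, (size_t)(at - in)))
        return -1;
    if (copy_part(out->host, sizeof out->host, host, (size_t)(end - host)))
        return -1;
    if (slash && copy_part(out->resource, sizeof out->resource,
                           slash + 1, strlen(slash + 1)))
        return -1;
    return 0;
}
```

A caller should treat -1 as a malformed address and drop the stanza or connection attempt before any further processing of the JID.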