Bugtraq mailing list archives

Re: CPSN 4-970424: Possible buffer overflow in pop3d
From: achurch () DRAGONFIRE NET (Andy Church)
Date: Mon, 28 Apr 1997 11:23:54 EDT

>       FUNCTION: svr_auth(state,inbuf), has the "offending" line:
>       BUT:  svr_auth is called from MAIN with:
>                       svr_state = svr_auth(svr_state,cli_buf);
>       where cli_buf is read previously from stdin with:
>                       if (fgetl(cli_buf,CLI_BUFSIZ,stdin) == NULL)
>
> Now this machine doesn't have a manpage for "fgetl"

     It's a custom routine (see util.c) which reads a line of text from a
file and discards all but the first `len'-1 bytes (CLI_BUFSIZ-1 in this

> but, from the arguments, it looks like it will check the length...

     Indeed it will; therefore, _the strcpy() is safe_.  However, as a
general rule, I always comment strcpy() or similar calls with an
explanation of why the call is safe in order to prevent confusion such as

     This just goes to show that strcpy() isn't _always_ a security hole...

  --Andy Church                  | If Bell Atlantic really is the heart
    achurch () dragonfire net       | of communication, then it desperately
    www.dragonfire.net/~achurch/ | needs a quadruple bypass.
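
The bounded-read-then-strcpy() pattern discussed in this message, as an added example that is not part of the original post and is not the pop3d source. `bounded_getline()` and `read_and_copy()` are hypothetical names, the `CLI_BUFSIZ` value is constructed, and the destination buffer is assumed to be `CLI_BUFSIZ` bytes.

```c
#include <stdio.h>
#include <string.h>
#define CLI_BUFSIZ 16  /* constructed small bound; the real value is not on the page */

/* Hypothetical stand-in for the fgetl() described in the post: read one line,
 * keep at most len-1 bytes, discard the rest of that line, NUL-terminate. */
char *bounded_getline(char *buf, int len, FILE *fp)
{
    size_t n = 0, seen = 0;
    int c;
    if (buf == NULL || len < 1 || fp == NULL)
        return NULL;
    while ((c = fgetc(fp)) != EOF && c != '\n')
        if (seen++ < (size_t)len - 1)
            buf[n++] = (char)c;      /* bytes past the bound are read and dropped */
    if (c == EOF && seen == 0)
        return NULL;                 /* end of input, nothing read */
    buf[n] = '\0';
    return buf;
}

/* Read line number `which` (0-based) of constructed input, then copy it into
 * `out` (assumed to hold CLI_BUFSIZ bytes). Returns stored length, -1 on error. */
long read_and_copy(const char *input, int which, char *out)
{
    char cli_buf[CLI_BUFSIZ];
    FILE *fp = tmpfile();
    long len = -1;
    if (fp == NULL) return -1;
    fputs(input, fp);
    rewind(fp);
    while (which >= 0 && bounded_getline(cli_buf, CLI_BUFSIZ, fp) != NULL)
        which--;
    if (which < 0) {
        /* Safe: bounded_getline() stored at most CLI_BUFSIZ-1 bytes plus NUL,
         * and out is CLI_BUFSIZ bytes, so strcpy() cannot overrun it. */
        strcpy(out, cli_buf);
        len = (long)strlen(out);
    }
    fclose(fp);
    return len;
}

int main(void)
{
    char out[CLI_BUFSIZ] = "";
    long n = read_and_copy("USER AAAAAAAAAAAAAAAAAAAAAAAAAAAAAA\nPASS x\n", 0, out);
    printf("%ld bytes kept: %s\n", n, out);
    return 0;
}
```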
