Re: CPSN 4-970424: Possible buffer overflow in pop3d
From: achurch () DRAGONFIRE NET (Andy Church)
Date: Mon, 28 Apr 1997 11:23:54 EDT
> FUNCTION: svr_auth(state,inbuf), has the "offending" line:
> BUT: svr_auth is called from MAIN with:
> svr_state = svr_auth(svr_state,cli_buf);
> where cli_buf is read previously from stdin with:
> if (fgetl(cli_buf,CLI_BUFSIZ,stdin) == NULL)
> Now this machine doesn't have a manpage for "fgetl"

It's a custom routine (see util.c) which reads a line of text from a
file and discards all but the first `len'-1 bytes (CLI_BUFSIZ-1 in this

> but, from the arguments, it looks like it will check the length...

Indeed it will; therefore, _the strcpy() is safe_. However, as a
general rule, I always comment strcpy() or similar calls with an
explanation of why the call is safe in order to prevent confusion such as
This just goes to show that strcpy() isn't _always_ a security hole...
--Andy Church | If Bell Atlantic really is the heart
achurch () dragonfire net | of communication, then it desperately
www.dragonfire.net/~achurch/ | needs a quadruple bypass.
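
The argument in this message, as an added example (not the pop3d source and not code from the post): `bounded_getl` is a hypothetical stand-in for the `fgetl` described above, `copy_command` and the `CLI_BUFSIZ` value are assumptions, and the input lines are constructed. It shows the length invariant that makes the later `strcpy()` safe, with the kind of comment the message recommends.

```c
#include <stdio.h>
#include <string.h>

#define CLI_BUFSIZ 16  /* constructed size; the real value is not on the page */

/* Hypothetical stand-in for the fgetl() described above: keep at most
 * len-1 bytes of the next line, NUL-terminate, discard the rest. */
char *bounded_getl(char *buf, size_t len, FILE *fp)
{
    size_t n = 0;
    int c;

    if (len == 0 || (c = fgetc(fp)) == EOF)
        return NULL;
    for (; c != EOF && c != '\n'; c = fgetc(fp))
        if (n < len - 1)
            buf[n++] = (char)c;   /* excess bytes are read and dropped */
    buf[n] = '\0';
    return buf;
}

/* Hypothetical consumer modelled on the call chain in the thread. */
size_t copy_command(char *dst, size_t dstsz, const char *inbuf)
{
    /* SAFE: inbuf was filled by bounded_getl(..., CLI_BUFSIZ, ...), so
     * strlen(inbuf) <= CLI_BUFSIZ-1; dst must hold CLI_BUFSIZ bytes. */
    if (dstsz < CLI_BUFSIZ)
        return 0;                 /* refuse if the invariant is broken */
    strcpy(dst, inbuf);
    return strlen(dst);
}

int main(void)
{
    char cli_buf[CLI_BUFSIZ], cmd[CLI_BUFSIZ];
    FILE *fp = tmpfile();

    if (fp == NULL)
        return 1;
    fputs("USER aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\nQUIT\n", fp);  /* constructed */
    rewind(fp);
    while (bounded_getl(cli_buf, sizeof cli_buf, fp)) {
        size_t n = copy_command(cmd, sizeof cmd, cli_buf);
        printf("%zu bytes: [%s]\n", n, cmd);
    }
    fclose(fp);
    return 0;
}
```

The safety of the copy depends entirely on the reader and the destination agreeing on `CLI_BUFSIZ`; if either size changes independently, the comment and the check are what flag it.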