Bugtraq
mailing list archives
More about UW c-client library
From: Juhapekka Tolvanen <juhtolv () ST JYU FI>
Date: Sat, 2 Sep 2000 00:18:14 +0300
Here is more information about that bug.
http://cgi.debian.org/cgi-bin/bugreport.cgi?archive=no&bug=70647
It seems that they will have some patch real soon:
(CLIP HERE)
Upon a quick glance, there indeed appears to be no checks at all
for buffer overflows. A buf of 8k is allocated into which the
From:, Status:, X-Status, and X-Keywords: headers are placed,
with simple
sprintf (buf + strlen (buf),"...
commands. So having extremely long X-Keywords in mail messages
will screw things up. Double yuck.
This is in imap-4.7c/src/osdep/unix/unix.c BTW.
See the original message and the accompanying thread in debian-devel,
archive/latest/67244 , Message-ID <39AD820C.6AD0818C () axis com> from
Cristian Ionescu-Idbohrn <cii () axis com>
Ok, I've patched unix.c to use snprintf(3) instead of sprintf(3). This is
only the tip of the iceberg however. There is a source code scanner
called its4 which checks for unsafe coding practices and I ran it on
imapd. The report was about a mile long :(
(CLIP HERE)
--
Juhapekka "naula" Tolvanen * * * U of Jyväskylä * * juhtolv () st jyu fi
http://www.cc.jyu.fi/~juhtolv/index.html * "STRAIGHT BUT NOT NARROW!"
---------------------------------------------------------------------
"so impressed with all you do. tried so hard to be like you. flew too
high and burnt the wing. lost my faith in everything" nine inch nails
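
Added example, not part of the original message and not the c-client or Debian patch: a bounded replacement for the sprintf (buf + strlen (buf), ...) append pattern quoted above, showing that the size passed to snprintf must be the space remaining after the current contents and that the return value has to be checked for truncation. The names buf_appendf and build_headers, the 64-byte buffer standing in for the 8k one, and the header values are assumptions made for the illustration.

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical helper (not from c-client): append formatted text to the
 * NUL-terminated string in buf[cap]. Returns 0 on success, -1 if the text
 * does not fit; on failure buf keeps exactly its previous contents. */
static int buf_appendf(char *buf, size_t cap, const char *fmt, ...)
{
    const char *end = memchr(buf, '\0', cap);
    size_t used, room;
    va_list ap;
    int n;

    if (end == NULL)                 /* no terminator inside cap: refuse */
        return -1;
    used = (size_t)(end - buf);
    room = cap - used;               /* space left, including the NUL */
    va_start(ap, fmt);
    n = vsnprintf(buf + used, room, fmt, ap);
    va_end(ap);
    if (n < 0 || (size_t)n >= room) {
        buf[used] = '\0';            /* discard the truncated partial write */
        return -1;
    }
    return 0;
}

/* Constructed demo: builds the header block and returns how many of the
 * three headers fit. Header values are sample data. */
static int build_headers(char *buf, size_t cap, const char *keywords)
{
    int ok = 0;
    buf[0] = '\0';
    ok += buf_appendf(buf, cap, "Status: %s\n", "RO") == 0;
    ok += buf_appendf(buf, cap, "X-Status: %s\n", "A") == 0;
    ok += buf_appendf(buf, cap, "X-Keywords: %s\n", keywords) == 0;
    return ok;
}

int main(void)
{
    char buf[64], longkw[200];
    memset(longkw, 'K', sizeof longkw - 1);
    longkw[sizeof longkw - 1] = '\0';
    printf("short: %d headers fit\n", build_headers(buf, sizeof buf, "work"));
    printf("long:  %d headers fit\n", build_headers(buf, sizeof buf, longkw));
    return 0;
}
```

A caller that gets -1 has to decide what to do with the oversized header (reject the message, grow the buffer, or drop the field); silently continuing with a truncated header is a separate bug.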