Bugtraq archives for 3rd quarter (Jul-Sep) 1998: qpopper2.52

qpopper2.52

Alan J Rosenthal (flapsDGP.TORONTO.EDU)
Thu, 2 Jul 1998 12:51:50 -0400

While diffing the new qpopper distribution with my own modified
qpopper2.41beta directory, I found something interesting in pop_uidl.c
-- interesting to me at least, hopefully y'all on the list will assure me
that it is not, in fact, interesting.  I had modified my 2.41beta directory
in accordance with hints on this list, and the diffs found overflow checks
missing in the new pop_uidl.c:

diff -rs qpopper2.41beta1/pop_uidl.c qpopper2.5/pop_uidl.c
60c60
<       sprintf(buffer, "%d %.900s", msg_id, mp->uidl_str);
---
>       sprintf(buffer, "%d %s", msg_id, mp->uidl_str);
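Review bot: the `>` line at 60 passes mp->uidl_str through an unbounded %s into buffer with sprintf, so the length of the write is decided entirely by the string. The declaration of buffer is not visible here; either keep a precision such as the %.900s on the `<` side or switch to snprintf with the size of buffer, and confirm the bound leaves room for the digits of msg_id, the space and the terminating NUL.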
...
153c149
<       sprintf(buffer, "%d %.900s", msg_id, mp->uidl_str);
---
>       sprintf(buffer, "%d %s", msg_id, mp->uidl_str);
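Review bot: the call at 149 is the same statement as the one at line 60, so a bound applied in one place is easy to miss in the other (the message mentions a further copy on line 76). Moving the formatting into one helper that takes the message number and mp->uidl_str would keep the limit in a single place.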
170c166
<           sprintf(buffer, "%d %.900s", x, mp->uidl_str);
---
>           sprintf(buffer, "%d %s", x, mp->uidl_str);
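Review bot: at 166 the number formatted by %d is x rather than msg_id, and the %s that follows is again unbounded. Whatever limit is chosen for mp->uidl_str has to be budgeted against the widest value %d can print for x, not just small message numbers; a comment next to the declaration of buffer stating that budget would document it.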

Are these limits in fact unnecessary, or have the qualcomm folks missed a few?
(This file is the same in v2.52 -- got in this morning and started working on
the 2.5 version before I saw last night's bugtraq mail... arggh)

If these limits are indeed necessary, note that there's also a copy of this
sprintf call on line 76.

regards,
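
The difference between the two format strings in the diff, as an added example that is not part of the original post or of qpopper's source. The buffer size `REPLY_BUF` (1024) and all function names are assumptions made for illustration, since the post does not show how `buffer` is declared.

```c
#include <stdio.h>
#include <string.h>

/* Assumed size: the post does not show how `buffer` is declared. */
#define REPLY_BUF 1024
static char reply[REPLY_BUF];

/* Constructed test input: a 2000-byte UIDL string. */
const char *sample_long_uidl(void)
{
    static char s[2001];
    memset(s, 'A', sizeof s - 1);
    s[sizeof s - 1] = '\0';
    return s;
}

/* Bytes (including the NUL) that the unbounded "%d %s" form would write. */
int uidl_line_needed(int msg_id, const char *uidl)
{
    return snprintf(NULL, 0, "%d %s", msg_id, uidl) + 1;
}

/* The "%.900s" form: at most 900 bytes of uidl are copied. Returns length. */
int uidl_line_precision(char *buffer, int msg_id, const char *uidl)
{
    return sprintf(buffer, "%d %.900s", msg_id, uidl);
}

/* Bounded by destination size: 0 on success, -1 if the line does not fit. */
int uidl_line_checked(char *buffer, size_t buflen, int msg_id, const char *uidl)
{
    int n = snprintf(buffer, buflen, "%d %s", msg_id, uidl);
    if (n < 0 || (size_t)n >= buflen) {
        if (buflen > 0)
            buffer[0] = '\0';   /* do not hand a truncated line to the caller */
        return -1;
    }
    return 0;
}

int main(void)
{
    const char *uidl = sample_long_uidl();
    printf("unbounded form needs %d bytes, buffer has %d\n",
           uidl_line_needed(7, uidl), REPLY_BUF);
    printf("precision form wrote %d bytes\n", uidl_line_precision(reply, 7, uidl));
    printf("checked form returned %d\n", uidl_line_checked(reply, sizeof reply, 7, uidl));
    return 0;
}
```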