Re: "Command died with signal 10" using pipe and a C script

From: Wietse Venema (wietseporcupine.org)
Date: Mon Aug 11 2008 - 12:21:57 CDT


Jordi Moles Blanco:
> the communication with postfix is done by using the function
> "reinjecta_mail" I've also attached.
>
> is there anything wrong that postfix can't understand and therefore
> crashes?

YOUR PROGRAM crashes, not Postfix. Do not blame the messenger who
brings the bad news.

> FILE *file;
> file = fopen("/var/log/quota-postfix.log","a+");

What happens when fopen() does not succeed? Your program crashes
because it follows a null file pointer.

> // create the connection
> hp = gethostbyname(ipnet);

What happens when gethostbyname() does not succeed? Your program
crashes because it follows a null hp pointer.

> bcopy ( hp->h_addr, &(server.sin_addr.s_addr),
> hp->h_length);

What happens when a malicious DNS server sends a large reply?
Your program will have a buffer overflow vulnerability because
hp->h_length is larger than the server.sin_addr.s_addr buffer.

> strcpy(hola,"MAIL FROM:<");
> strcat(hola,remitent);
> strcat(hola,">\r\n");

What happens when the string is larger than your hola buffer?
Your program will have a buffer overflow vulnerability.

> strcpy(hola,"RCPT TO:<");
> strcat(hola,victima);
> strcat(hola,">\r\n");

What happens when the string is larger than your hola buffer?
Your program will have a buffer overflow vulnerability.

And so on.

        Wietse
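
The checks this reply asks for, sketched as an added example that is not part of the original thread or the poster's program: a null check on the fopen() and resolver results, an h_length check before the address copy, and a bounded build of the SMTP command. The function names copy_ipv4_addr, build_smtp_cmd and demo_reply are hypothetical, and the resolver reply is constructed in-process rather than fetched from DNS.

```c
#include <netdb.h>
#include <netinet/in.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>

/* Copy a resolver result into server->sin_addr only when it is an IPv4
 * address of exactly the destination size. Returns 0, or -1 on rejection. */
int copy_ipv4_addr(const struct hostent *hp, struct sockaddr_in *server)
{
    if (hp == NULL || hp->h_addr_list == NULL || hp->h_addr_list[0] == NULL)
        return -1;                  /* lookup failed: no pointer to follow */
    if (hp->h_addrtype != AF_INET ||
        hp->h_length != (int)sizeof(server->sin_addr))
        return -1;                  /* length is not what the buffer holds */
    memcpy(&server->sin_addr, hp->h_addr_list[0], sizeof(server->sin_addr));
    return 0;
}

/* Build "VERB:<addr>\r\n" in buf. Returns 0, or -1 if it does not fit. */
int build_smtp_cmd(char *buf, size_t buflen, const char *verb, const char *addr)
{
    int n = snprintf(buf, buflen, "%s:<%s>\r\n", verb, addr);
    return (n < 0 || (size_t)n >= buflen) ? -1 : 0;
}

/* Constructed resolver reply that claims claimed_len address bytes. */
int demo_reply(int claimed_len)
{
    char raw[64] = {0};
    char *list[] = { raw, NULL };
    struct hostent fake = { .h_addrtype = AF_INET, .h_length = claimed_len, .h_addr_list = list };
    struct sockaddr_in server = {0};
    return copy_ipv4_addr(&fake, &server);
}

int main(void)
{
    char cmd[32];
    FILE *log = fopen("/var/log/quota-postfix.log", "a");
    if (log == NULL)                /* report and carry on without the log */
        perror("fopen");
    printf("4-byte reply: %d, 64-byte reply: %d\n", demo_reply(4), demo_reply(64));
    printf("fits: %d, too long: %d\n",
           build_smtp_cmd(cmd, sizeof cmd, "MAIL FROM", "a@b.example"),
           build_smtp_cmd(cmd, sizeof cmd, "RCPT TO", "a-very-long-local-part-padding@example.com"));
    if (log != NULL) fclose(log);
    return 0;
}
```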