Bugtraq mailing list archives
Re: Remote exploit in sendmail 8.8.0
From: roessler () sobolev rhein de (Thomas Roessler)
Date: Thu, 17 Oct 1996 09:45:51 GMT
In article <199610170116.SAA04638 () abraham cs berkeley edu>, John Anonymous MacDonald wrote:
/* quoted-printable */ obp = obuf; while (fgets(buf, sizeof buf, e->e_dfp) != NULL) { if (mime_fromqp((u_char *) buf, &obp, 0, MAXLINE) == 0) continue;
putline((char *) obuf, mci); obp = obuf; }
Am I seriously mistaken when I say that changing MAXLINE to (MAXLINE - (obp - obuf)) and additionally changing every occurence of if (++nchar > maxlen) break; to if (++nchar >= maxlen) break; in mime_fromqp() will fix this problem and another one related to the trailing '\0'? tlr -- Thomas Roessler http://www.rhein.de/~roessler/
Current thread:
- Remote exploit in sendmail 8.8.0 John Anonymous MacDonald (Oct 16)
- Re: Remote exploit in sendmail 8.8.0 Alain Magloire (Oct 17)
- <Possible follow-ups>
- Re: Remote exploit in sendmail 8.8.0 Thomas Roessler (Oct 17)
- Re: Remote exploit in sendmail 8.8.0 Dave Hayes (Oct 17)
- Re: Remote exploit in sendmail 8.8.0 D. J. Bernstein (Oct 17)
- Re: Remote exploit in sendmail 8.8.0 Daniel S. Riley (Oct 18)
- Re: Remote exploit in sendmail 8.8.0 Steven L Baur (Oct 18)