Bugtraq mailing list archives

Re: Remote exploit in sendmail 8.8.0


From: roessler () sobolev rhein de (Thomas Roessler)
Date: Thu, 17 Oct 1996 09:45:51 GMT


In article <199610170116.SAA04638 () abraham cs berkeley edu>,
John Anonymous MacDonald wrote:

               /* quoted-printable */
               obp = obuf;
               while (fgets(buf, sizeof buf, e->e_dfp) != NULL)
               {
                       if (mime_fromqp((u_char *) buf, &obp, 0, MAXLINE) == 0)
                               continue;

                       putline((char *) obuf, mci);
                       obp = obuf;
               }

Am I seriously mistaken when I say that changing MAXLINE to (MAXLINE -
(obp - obuf)) and additionally changing every occurrence of

        if (++nchar > maxlen)
                break;

to

        if (++nchar >= maxlen)
                break;

in mime_fromqp() will fix this problem and another one related to the
trailing '\0'?

tlr
--
Thomas Roessler                           http://www.rhein.de/~roessler/
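
The bounds accounting proposed in this message, as an added example that is not part of the original post and is not sendmail's code: `qp_decode_line`, `decode_all` and `OUTMAX` are hypothetical names, and the decoder is a simplified stand-in for `mime_fromqp()`. Each call receives only the space still left in `obuf`, and the `>=` test keeps one byte free for the trailing `'\0'`.

```c
#include <stddef.h>

#define OUTMAX 16  /* constructed stand-in for MAXLINE, small for testing */

static int hexval(int c)
{
    if (c >= '0' && c <= '9') return c - '0';
    return (c >= 'A' && c <= 'F') ? c - 'A' + 10 : -1;
}

/* Hypothetical decoder (not sendmail's mime_fromqp): decodes one input line
 * into *outp using at most maxlen bytes, trailing '\0' included.
 * Returns 1 = line complete, 0 = soft break "=\n" (output line continues),
 * -1 = out of space. */
static int qp_decode_line(const char *in, char **outp, size_t maxlen)
{
    char *out = *outp;
    size_t nchar = 0;
    int rc = 1, hi, lo;
    if (maxlen == 0) return -1;            /* no room even for '\0' */
    for (; *in != '\0' && *in != '\n'; in++) {
        int c = (unsigned char)*in;
        if (c == '=' && in[1] == '\n') { rc = 0; break; }
        if (c == '=' && (hi = hexval(in[1])) >= 0 && (lo = hexval(in[2])) >= 0)
            { c = hi * 16 + lo; in += 2; }
        if (++nchar >= maxlen) { rc = -1; break; }  /* ">=" reserves the '\0' byte */
        *out++ = (char)c;
    }
    *out = '\0';
    *outp = out;
    return rc;
}

/* Mirrors the quoted loop, but each call gets only the space still left in
 * obuf. Returns the length of the last completed line, or -1 on overflow. */
static long decode_all(const char *const *lines, size_t n, char *obuf)
{
    char *obp = obuf;
    long last = 0;
    for (size_t i = 0; i < n; i++) {
        int rc = qp_decode_line(lines[i], &obp, OUTMAX - (size_t)(obp - obuf));
        if (rc < 0) return -1;
        if (rc == 0) continue;             /* soft break: keep obp where it is */
        last = (long)(obp - obuf);         /* putline(obuf, mci) would run here */
        obp = obuf;
    }
    return last;
}
```

With a constant limit on every call, a run of lines ending in soft breaks would let `obp` advance past the end of `obuf`; here the third case in such a run returns -1 instead.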


