Bugtraq mailing list archives
qpopper2.52
From: flaps () DGP TORONTO EDU (Alan J Rosenthal)
Date: Thu, 2 Jul 1998 12:51:50 -0400
While diffing the new qpopper distribution with my own modified qpopper2.41beta directory, I found something interesting in pop_uidl.c -- interesting to me at least, hopefully y'all on the list will assure me that it is not, in fact, interesting. I had modified my 2.41beta directory in accordance with hints on this list, and the diffs found overflow checks missing in the new pop_uidl.c: diff -rs qpopper2.41beta1/pop_uidl.c qpopper2.5/pop_uidl.c 60c60 < sprintf(buffer, "%d %.900s", msg_id, mp->uidl_str); ---
sprintf(buffer, "%d %s", msg_id, mp->uidl_str);
... 153c149 < sprintf(buffer, "%d %.900s", msg_id, mp->uidl_str); ---
sprintf(buffer, "%d %s", msg_id, mp->uidl_str);
170c166 < sprintf(buffer, "%d %.900s", x, mp->uidl_str); ---
sprintf(buffer, "%d %s", x, mp->uidl_str);
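Review bot: at 60c60, 153c149 and 170c166 the newer side formats mp->uidl_str with an unbounded %s where the older side capped it with %.900s, so the number of bytes sprintf writes into buffer now depends entirely on the length of uidl_str. Nothing in these lines shows the size of buffer or any length limit on uidl_str, so unless one is enforced elsewhere the %.900s precision should stay. If buffer is an array in scope, a bounded call such as snprintf(buffer, sizeof(buffer), "%d %s", msg_id, mp->uidl_str) would tie the limit to the real buffer size rather than to a constant. The same applies to the identical sprintf call the message reports on line 76, which the diff does not cover.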
Are these limits in fact unnecessary, or have the qualcomm folks missed a few? (This file is the same in v2.52 -- got in this morning and started working on the 2.5 version before I saw last night's bugtraq mail... arggh)

If these limits are indeed necessary, note that there's also a copy of this sprintf call on line 76.

regards,