Bugtraq mailing list archives
Re: qpopper2.52
From: drow () FALSE ORG (Dan Jacobowitz)
Date: Thu, 2 Jul 1998 16:54:33 -0400
On Thu, Jul 02, 1998 at 12:51:50PM -0400, Alan J Rosenthal wrote:
> Are these limits in fact unnecessary, or have the qualcomm folks missed a few? (This file is the same in v2.52 -- got in this morning and started working on the 2.5 version before I saw last night's bugtraq mail... arggh) If these limits are indeed necessary, note that there's also a copy of this sprintf call on line 76.

Not to mention in pop_msg.c where this whole mess began. The Qualcomm folks have taken the approach of limiting the length of every string passed to the dangerous functions, instead of bounds checking within pop_log and pop_msg. This is a dangerous thing to do in my opinion - while they may indeed have caught every major problem, there could possibly be unforeseen circumstances where the strings passed to those functions do get overlarge. It would be a very reasonable safeguard to add bounds checking to pop_log and pop_msg, and patches to do that have already been posted to this list.

In fact, in the source code of 2.52 I see this:

[0] mars:~/qp/qpopper2.52$ grep sprintf *.c |wc -l
34

By no means are all of these dangerous, but a slightly more useful figure is:

[0] mars:~/qp/qpopper2.52$ grep sprintf *.c |grep '%s'|wc -l
18

Eighteen places where strings are pushed into fixed length buffers. If they have missed even one....

Daniel Jacobowitz
---------------------------------------------------------------------------
drow () false org
dan () debian org
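
The safeguard argued for in the message above, bounds checking inside the formatting routine rather than at each caller, shown as an added example; it is not part of the original post, the qpopper source, or the patches posted to the list. The names fmt_bounded, demo_reply and MSG_BUF, the buffer size and the reply text are assumptions made for illustration.

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

#define MSG_BUF 64  /* constructed size; the post does not give qpopper's buffer sizes */

/* Hypothetical helper: format into a fixed buffer without ever writing past
 * cap bytes, so safety does not depend on every caller pre-limiting its strings.
 * Returns 0 if the whole message fit, 1 if it was truncated, -1 on error. */
int fmt_bounded(char *dst, size_t cap, const char *fmt, ...)
{
    va_list ap;
    int n;

    if (dst == NULL || cap == 0 || fmt == NULL)
        return -1;

    va_start(ap, fmt);
    n = vsnprintf(dst, cap, fmt, ap);   /* writes at most cap-1 bytes plus NUL */
    va_end(ap);

    if (n < 0) {                        /* encoding or output error */
        dst[0] = '\0';
        return -1;
    }
    /* n is the length the full message would have had; >= cap means truncation */
    return ((size_t)n >= cap) ? 1 : 0;
}

/* Hypothetical caller that forgot to limit its argument: a "%s" pushed
 * into a fixed-length buffer, the pattern counted by the grep above. */
int demo_reply(const char *user, char *out, size_t cap)
{
    return fmt_bounded(out, cap, "-ERR unknown user \"%s\"", user);
}

int main(void)
{
    char buf[MSG_BUF];
    char longname[512];                 /* constructed overlong input */

    memset(longname, 'A', sizeof longname - 1);
    longname[sizeof longname - 1] = '\0';

    int rc = demo_reply(longname, buf, sizeof buf);
    printf("rc=%d stored_len=%zu\n", rc, strlen(buf));
    return 0;
}
```

A truncation return lets the caller log or reject the oversized input instead of silently sending a clipped reply.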