Bugtraq mailing list archives
Fixing up Qpopper
From: chris () FERRET LMH OX AC UK (Chris Evans)
Date: Mon, 29 Jun 1998 11:00:55 +0100
Hi,

Everyone is scrambling around trying to analyse which sprintf()'s are going to cause overflows in qpopper. This is not the proper approach to security. It causes additional overruns to be missed, as is witnessed by lots of "here's another one" posts seen on the topic so far. There will always be some weird code path that concatenates strings longer than you expected, etc.

Successful protection of security related software commonly uses one of these techniques:

1) Bounds check _all_ copies. For example, samba just did a mass switch from strcpy to strncpy. Of course, after a strncpy you must remember to ensure the destination is properly null terminated.

2) When copying data, work out the required new length then make a new buffer of required size on the fly. Lots of programs with very good security records have used this approach.

Cheers
Chris
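The two techniques listed in the post above, sketched in C as an added example; this is not code from the post, from qpopper or from samba. The function names bounded_copy and concat_alloc and the sample strings are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Technique 1: bounded copy. strncpy() writes no terminator when src
 * fills the buffer, so terminate explicitly. Returns 0 if src fit,
 * -1 if it was truncated (callers should treat that as an error). */
int bounded_copy(char *dst, size_t dstsize, const char *src)
{
    if (dst == NULL || src == NULL || dstsize == 0)
        return -1;
    strncpy(dst, src, dstsize - 1);
    dst[dstsize - 1] = '\0';
    return strlen(src) < dstsize ? 0 : -1;
}

/* Technique 2: work out the required length first, then allocate a
 * buffer of exactly that size. Returns a malloc()ed string the caller
 * frees, or NULL on allocation failure or size_t overflow. */
char *concat_alloc(const char *a, const char *b)
{
    size_t la, lb;
    char *out;
    if (a == NULL || b == NULL)
        return NULL;
    la = strlen(a);
    lb = strlen(b);
    if (la > SIZE_MAX - lb - 1)      /* la + lb + 1 would wrap */
        return NULL;
    out = malloc(la + lb + 1);
    if (out == NULL)
        return NULL;
    memcpy(out, a, la);
    memcpy(out + la, b, lb + 1);     /* includes b's terminator */
    return out;
}

int main(void)
{
    char small[8];
    /* Constructed input, longer than the 8-byte destination. */
    const char *user = "averyveryverylongmailboxname";
    char *msg = concat_alloc("+OK maildrop for ", user);
    if (bounded_copy(small, sizeof small, user) != 0)
        printf("truncated to \"%s\"\n", small);
    if (msg != NULL) { puts(msg); free(msg); }
    return 0;
}
```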