Full Disclosure mailing list archives
Re: Lame crash in qmail-smtpd
From: David Jez <dave.jez () seznam cz>
Date: Tue, 20 Jan 2004 09:16:43 +0100
Hello guys
[...]
The problem is in:

    void blast(hops)
    int *hops;
    ...
      int pos; /* number of bytes since most recent \n, if fih */
    ...
          if (pos < 9) {
            if (ch != "delivered"[pos]) if (ch != "DELIVERED"[pos]) flagmaybez = 0;
    ...
          ++pos;
    ...

I think this isn't a serious security problem because generally this kind of overflow (nondeterministic, noncontrolled random read from random address) is not exploitable. This can only be a "logical bug". I think that the best fix is the following patch (or die with another funny message like go away, etc.).

Regards,
-- 
-------------------------------------------------------
David "Dave" Jez                Brno, CZ, Europe
E-mail: dave.jez () seznam cz
PGP key: finger xjezda00 () eva fit vutbr cz
---------=[ ~EOF ]=------------------------------------

Attachment:
qmail-1.03-hops-fix.diff
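
An added illustration, not code from qmail, from the attached patch, or from the poster: the excerpt guards a signed `int` index with an upper bound only, so a negative `pos` would pass `pos < 9` and index outside the string literal. The sketch assumes `pos` can become negative by wrapping on a very long line; `count_delivered`, `start_pos` and `SAMPLE` are hypothetical names, and the fix shown (lower-bound check plus a saturating counter) is one possible hardening.

```c
#include <limits.h>
#include <stddef.h>
#include <stdio.h>

/* Guard as in the quoted excerpt: only an upper bound on a signed int. */
static int guard_original(int pos) { return pos < 9; }

/* Hardened guard: a negative counter is rejected before it is used as an index. */
static int guard_hardened(int pos) { return pos >= 0 && pos < 9; }

/* Advance the per-line byte counter; saturate at INT_MAX instead of wrapping. */
static int next_pos(int pos, char ch)
{
    if (ch == '\n') return 0;
    return pos < INT_MAX ? pos + 1 : INT_MAX;
}

/* Count lines that begin with "delivered" in either case, using the same
 * per-character comparison as the excerpt. start_pos (hypothetical) models a
 * counter that already holds a large or wrapped value from an earlier line. */
static int count_delivered(const char *buf, size_t len, int start_pos)
{
    int pos = start_pos, maybe = (start_pos == 0), hops = 0;
    for (size_t i = 0; i < len; i++) {
        char ch = buf[i];
        if (guard_hardened(pos)) {
            if (ch != "delivered"[pos] && ch != "DELIVERED"[pos]) maybe = 0;
            if (maybe && pos == 8) hops++;
        }
        pos = next_pos(pos, ch);
        if (ch == '\n') maybe = 1;   /* a new line may match again */
    }
    return hops;
}

/* Constructed sample input, not taken from the thread. */
static const char SAMPLE[] = "xxxxx\nDelivered-To: a\nReceived: b\n";

int main(void)
{
    printf("negative index accepted: original=%d hardened=%d\n",
           guard_original(-5), guard_hardened(-5));
    printf("hops with counter near INT_MAX: %d\n",
           count_delivered(SAMPLE, sizeof SAMPLE - 1, INT_MAX - 2));
    return 0;
}
```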