Bugtraq mailing list archives
Re: CPSN 4-970424: Possible buffer overflow in pop3d
From: jkatz () CORINNE MAC EDU (J. Joseph Max Katz)
Date: Mon, 28 Apr 1997 09:17:11 -0500
On Sun, 27 Apr 1997, Derric Scott wrote:
> While I don't profess to be the keeper of BSD POP3d, I have made recent
> changes and made them available. So.... I took a very quick look and
> changed that "offending" strcpy to a strncpy. I'll soon put 1.005f up on:
> ftp://ftp.scott.net/pub/linux/mail
Thank you for the quick response.
> Is this security notice based on an exploit or is it just from
> examination of the code? My cursory glance indicates that there is no
> real threat from that strcpy because the length of the input has already
> been checked before
Only upon examination-- I only looked at the code, saw strcpy(static_array,char *) and gasped-- and made the release. It looks as if, within function svr_auth, it only gets the input from a 128 character array, then later, subtracts the first four characters out (deciding if it is USER or PASS or whatever) and then puts that into a pointer when a different function is called, and then strcpy's it.
> FUNCTION: svr_auth(state,inbuf), has the "offending" line:
>     strcpy(cli_user,inbuf);
> BUT: svr_auth is called from MAIN with:
>     svr_state = svr_auth(svr_state,cli_buf);
> where cli_buf is read previously from stdin with:
>     if (fgetl(cli_buf,CLI_BUFSIZ,stdin) == NULL)
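
Added example (not part of the original message and not pop3d source): the thread turns on whether a bounded line read makes a later strcpy into a static array safe, and on swapping in strncpy. The sketch below shows the size invariant the unchecked copy depends on, why a bare strncpy can leave the destination unterminated, and a copy that rejects over-long input; USER_BUFSIZ and all helper names are assumptions, since the message does not give the size of cli_user.

```c
/* Added illustration, not pop3d source. Sizes and helper names are assumptions. */
#include <stdio.h>
#include <string.h>

#define CLI_BUFSIZ  128  /* line buffer: the "128 character array" in the message */
#define USER_BUFSIZ 64   /* assumed destination size; the message does not give it */

static char cli_user[USER_BUFSIZ];

/* Build the longest line a bounded read into cli_buf can deliver (constructed
 * input) and return a pointer to the argument after the "USER " prefix. */
const char *longest_user_arg(char line[CLI_BUFSIZ]) {
    memset(line, 'a', CLI_BUFSIZ - 1);
    line[CLI_BUFSIZ - 1] = '\0';
    memcpy(line, "USER ", 5);
    return line + 5;
}

/* The invariant an unchecked strcpy(cli_user, arg) silently relies on. */
int fits_unchecked_copy(const char *arg) {
    return strlen(arg) < sizeof(cli_user);
}

/* Bare strncpy never overruns, but returns 0 here when it leaves no NUL. */
int strncpy_terminates(const char *arg) {
    char dst[USER_BUFSIZ];
    memset(dst, 'X', sizeof(dst));
    strncpy(dst, arg, sizeof(dst));
    return memchr(dst, '\0', sizeof(dst)) != NULL;
}

/* Hardened copy: reject an over-long argument instead of truncating it. */
int set_cli_user(const char *arg) {
    size_t len = strlen(arg);
    if (len >= sizeof(cli_user))
        return -1;
    memcpy(cli_user, arg, len + 1);   /* copies the terminating NUL too */
    return 0;
}

int main(void) {
    char cli_buf[CLI_BUFSIZ];
    const char *arg = longest_user_arg(cli_buf);
    printf("arg length %zu, destination %zu bytes\n", strlen(arg), sizeof(cli_user));
    printf("unchecked strcpy in bounds: %d\n", fits_unchecked_copy(arg));
    printf("strncpy result terminated:  %d\n", strncpy_terminates(arg));
    printf("set_cli_user:               %d\n", set_cli_user(arg));
    return 0;
}
```

With a destination at least CLI_BUFSIZ bytes long the first check passes for every line the bounded read can return, which is the case the quoted argument relies on.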