Bugtraq mailing list archives

qpopper2.52


From: flaps () DGP TORONTO EDU (Alan J Rosenthal)
Date: Thu, 2 Jul 1998 12:51:50 -0400


While diffing the new qpopper distribution with my own modified
qpopper2.41beta directory, I found something interesting in pop_uidl.c
-- interesting to me at least, hopefully y'all on the list will assure me
that it is not, in fact, interesting.  I had modified my 2.41beta directory
in accordance with hints on this list, and the diffs found overflow checks
missing in the new pop_uidl.c:

diff -rs qpopper2.41beta1/pop_uidl.c qpopper2.5/pop_uidl.c
60c60
<       sprintf(buffer, "%d %.900s", msg_id, mp->uidl_str);
---
      sprintf(buffer, "%d %s", msg_id, mp->uidl_str);
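
Review bot: the replacement line at 60 drops the %.900s precision, so nothing in this call limits how many bytes of mp->uidl_str are written into buffer. Unless uidl_str is length-checked where it is filled in (not visible in this diff), keep the bounded form: sprintf(buffer, "%d %.900s", msg_id, mp->uidl_str);
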
...
153c149
<       sprintf(buffer, "%d %.900s", msg_id, mp->uidl_str);
---
      sprintf(buffer, "%d %s", msg_id, mp->uidl_str);
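
Review bot: line 149 repeats the format string from line 60 verbatim, again without the precision, and the message notes another copy at line 76. With the same call duplicated at several sites, a bound can be dropped at one of them unnoticed; a single helper that formats the "id uidl" line would keep the limit in one place.
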
170c166
<           sprintf(buffer, "%d %.900s", x, mp->uidl_str);
---
          sprintf(buffer, "%d %s", x, mp->uidl_str);
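
Review bot: at 166 the bound is gone as well, and the old .900 was a magic number whose relation to the size of buffer is not visible here. If buffer is an array in scope, snprintf(buffer, sizeof(buffer), "%d %s", x, mp->uidl_str) ties the limit to the declaration; otherwise restore %.900s and add a comment stating the buffer size it assumes.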

Are these limits in fact unnecessary, or have the qualcomm folks missed a few?
(This file is the same in v2.52 -- got in this morning and started working on
the 2.5 version before I saw last night's bugtraq mail... arggh)

If these limits are indeed necessary, note that there's also a copy of this
sprintf call on line 76.

regards,


