Bugtraq mailing list archives

Re: QPOPPER problem.... ONE crude patch...

From: marc () SNAFU ORG (Marco S Hyman)
Date: Sat, 27 Jun 1998 15:31:12 -0700


Daniel Ryde writes:

        vsnprintf(mp,sizeof(message)-(mp - message)-3,format,ap);


Dangerous, if the string is truncated it will skip the null termination,


This came up a while back.  Some versions of [v]snprintf copy
size - 1 characters into str and then null terminate.  Example: the
OpenBSD snprinf man page says:

     Snprintf(), vsnprintf(), asnprintf() and vasnprintf() will write at most
     size-1 of the characters printed into the output string (the size'th
     character then gets the terminating `\0'); if the return value is greater
     than or equal to the size argument, the string was too short and some of
     the printed characters were discarded.

It's possible that the author is using a system with the above semantics.
People patching the code must know what their [v]snprintf does.

// marc

Current thread:

!!! FLASH TRAFFIC !!! QPOPPER REMOTE ROOT EXPLOIT Seth McGann (Jun 26)
- Re: !!! FLASH TRAFFIC !!! QPOPPER REMOTE ROOT EXPLOIT Theo de Raadt (Jun 27)
- patch for qpopper remote exploit bug Roy Hooper (Jun 27)
  - Re: patch for qpopper remote exploit bug Andres Kroonmaa (Jun 27)
    - Re: patch for qpopper remote exploit bug Theo de Raadt (Jun 27)
    - Re: patch for qpopper remote exploit bug Jon Lusky (Jun 27)
    - Re: patch for qpopper remote exploit bug Benjamin J Stassart (Jun 27)
    - Users can view script source from Win WebServers Aleph One (Jun 27)
- Re: QPOPPER problem.... ONE crude patch... Tom Brown (Jun 27)
  - Re: QPOPPER problem.... ONE crude patch... Daniel Ryde (Jun 27)
    - Re: QPOPPER problem.... ONE crude patch... Marco S Hyman (Jun 27)
  - Re: QPOPPER problem.... Jason Ackley (Jun 27)
    - Re: QPOPPER problem.... Bruno Lopes F. Cabral (Jun 27)
    - patch: qpopper (plugs another hole too) Miquel van Smoorenburg (Jun 27)
    - Re: QPOPPER problem.... Marco S Hyman (Jun 27)
    - Re: QPOPPER problem.... Bruno Lopes F. Cabral (Jun 27)
    - More patch ideas for qpopper Aaron D. Gifford (Jun 27)
    - Re: QPOPPER problem.... Jeff Haas (Jun 27)
  - Re: QPOPPER problem.... ONE crude patch... Yiorgos Adamopoulos (Jun 27)
    - Re: QPOPPER problem.... ONE crude patch... Juan Diego Bolanhos Ramirez (Jun 27)
    - Re: QPOPPER problem.... ONE crude patch... Bryan (Jun 27)

(Thread continues...)