Full Disclosure mailing list archives

Re: SRT2003-05-08-1137 - ListProc mailing list ULISTPROC_UMASK overflow


From: "Larry W. Cashdollar" <lwc () vapid ath cx>
Date: Fri, 9 May 2003 12:31:55 -0400 (EDT)



Maybe a better response would have been to test/patch yourself?

It's actually not worth it, catmail has about 9 strcpy()'s.  That's not
including the libraries it links to.  Which are riddled with them...

gcc -fwritable-strings -I/tmp/bleh -ggdb -O -o catmail catmail.o
/tmp/bleh/lplib/liblplib.a /tmp/bleh/send/libsend.a
/tmp/bleh/objects/libobjects.a /tmp/bleh/lputil/liblputil.a
/tmp/bleh/port/liblpport.a  -lnsl -lm -L/tmp/bleh/../../dbm -llpdb

for starters:

[root@mozzarella lplib]# grep -c strcpy *.c
config_file.c:0
file_list.c:1
fio.c:0
lpalias.c:1
lpglobals.c:0
lprevdbm.c:0
misc.c:53
newmail.c:0
sender.c:26
signals.c:0
silp.c:8

[root@mozzarella lputil]# grep -c strcpy *.c
lpconfig.c:0
lpcounter_file.c:0
lpdir.c:0
lperrmsg.c:0
lpexec.c:0
lpexit.c:0
lpfile.c:0
lpinit.c:1
lplock.c:0
lplog.c:1
lpmd5.c:0
lpregex.c:0
lpsetuid.c:0
lpsig.c:0
lpstring.c:0
lpsyslib.c:1
lptypes.c:0
mailrfc.c:0
md5c.c:0
plist.c:0
regerror.c:1
regex.c:4
regex_new.c:4
regexp.c:1
regsub.c:0
string_table.c:0

It's better to just move on to new software.


On Fri, 9 May 2003, Shawn McMahon wrote:

Huh?  They can't come up with a Linux box with enough HD space to store
the source code?  What, does the company use PCs in their school library
to do all their Important Security Consultant Work?

Never mind, I just looked at their website.  Maybe they truly DON'T have
any Linux or other UNIX boxes.


--
Shawn McMahon     | Let every nation know, whether it wishes us well or ill,
EIV Consulting    | that we shall pay any price, bear any burden, meet any
UNIX and Linux          | hardship, support any friend, oppose any foe, to assure
http://www.eiv.com| the survival and the success of liberty. - JFK


_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

