Vulnerability Development mailing list archives
Re: sendmail ;o)
From: sgp () TELSATGP COM PL (Slawek)
Date: Thu, 13 Jul 2000 15:06:16 +0200
Thursday, July 13, 2000 6:57 AM, Daniel Jacobowitz wrote:
On Wed, Jul 12, 2000 at 11:54:01AM +0200, Slawek wrote:Well it's about the same like in finger - even "better" ;) .. snprintf
does
not null terminate :)So, I've been guilty of this a time or two myself, so I felt I should correct this. snprintf() in most cases DOES null terminate - there are probably some platforms where it does not, but it usually does. You may be thinking of strncpy(), which does not.
In Solaris snprintf doesn't null terminate (when buffer overflows). When sendmail is used here it may lead to some security problems. I'm not using Solaris so I don't need to do anything about it except of sending information to sendmail.org and to some lists like this one. Obviously it can be treated as Solaris' bug not sendmail's. But no matter who is guilty it *is* a security problem and I think it should be fixed before somebody finds a way to exploit it ;) Bye, Slawek
Current thread:
- sendmail ;o) Slawek (Jul 12)
- Re: sendmail ;o) Daniel Jacobowitz (Jul 12)
- Re: sendmail ;o) Slawek (Jul 13)
- Re: sendmail ;o) Gregory Neil Shapiro (Jul 16)
- Re: sendmail ;o) Kev (Jul 17)
- Re: sendmail ;o) Slawek (Jul 13)
- Re: sendmail ;o) Kev (Jul 13)
- Re: sendmail ;o) Daniel Jacobowitz (Jul 12)