commit-mailutils

mailutils/pop3d extra.c


From: Alain Magloire
Subject: mailutils/pop3d extra.c
Date: Tue, 23 Jan 2001 09:13:22 -0800

CVSROOT:        /home/cvs
Module name:    mailutils
Changes by:     Alain Magloire <address@hidden> 01/01/23 09:13:22

Modified files:
        pop3d          : extra.c 

Log message:
        A hidden bug that could bring problems, pop3_readline ()
        was doing the equivalent of:
        
        char buffer[1024];
        memset (buffer, 0, 1024);
        ...
        read (popfd, buffer, 1024);
        ...
        ret = malloc (strlen (buffer) +1);
        
        According to the RFC a command line should be no longer than
        255, but a malicious client could send a big buffer that could fit
        1024; then buffer would not be null terminated, and strlen(buffer) may
        be susceptible to overflow.  A simple fix would be to
        read (fd, buffer, 1023); /* leave space for a null */
        I've put a different fix that does not need the call to memset().
        And at the same time reduced the size of the buffer to go
        easy on the stack; 512 is sufficient.

CVSWeb URLs:
http://subversions.gnu.org/cgi-bin/cvsweb/mailutils/pop3d/extra.c.diff?r1=1.7&r2=1.8
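
The pattern in the log message, closed one possible way, as an added example that is neither the mailutils code nor the committed fix: the buffer is terminated at the byte count read() returns, so no memset() is needed and strlen() always finds a NUL inside the array. read_chunk() and feed_and_measure() are hypothetical names, and the input is constructed by pushing bytes through a pipe.

```c
#include <errno.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>

#define LINE_BUF 512    /* buffer size named in the log message */

/* Hypothetical helper: read one chunk from fd into a stack buffer and
 * return a heap copy. NULL on EOF, read error or allocation failure. */
char *read_chunk(int fd)
{
    char buffer[LINE_BUF];
    ssize_t n;

    do {                                /* retry if a signal interrupts */
        n = read(fd, buffer, sizeof buffer - 1);  /* keep a byte for NUL */
    } while (n < 0 && errno == EINTR);
    if (n <= 0)
        return NULL;
    buffer[n] = '\0';                   /* terminate at the byte count */

    size_t len = strlen(buffer);        /* bounded: NUL at or before n */
    char *ret = malloc(len + 1);
    if (ret != NULL)
        memcpy(ret, buffer, len + 1);
    return ret;
}

/* Constructed input: write nbytes of 'A' into a pipe, the way an
 * oversized client command would arrive, and return the length of the
 * string read_chunk() hands back, or (size_t)-1 if it returned NULL. */
size_t feed_and_measure(size_t nbytes)
{
    static char payload[2048];
    int fds[2];
    size_t len = (size_t)-1;

    if (nbytes > sizeof payload || pipe(fds) != 0)
        return len;
    memset(payload, 'A', sizeof payload);
    ssize_t w = nbytes ? write(fds[1], payload, nbytes) : 0;
    close(fds[1]);
    char *line = (w == (ssize_t)nbytes) ? read_chunk(fds[0]) : NULL;
    close(fds[0]);
    if (line != NULL) {
        len = strlen(line);
        free(line);
    }
    return len;
}
```

Input longer than the buffer is capped at LINE_BUF - 1 bytes per call; the remainder stays queued on the descriptor for the caller to read or reject.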



