Re: address@hidden: some code issues]
From: Nico Golde
Subject: Re: address@hidden: some code issues]
Date: Thu, 10 Jan 2008 16:35:46 +0100

Hi Chong,
* Chong Yidong <address@hidden> [2008-01-10 16:29]:
> > I had a quick look at the pop.c code today and found some
> > issues.
> >
> > In pop_stat:
> >
> > If I don't miss anything, the atoi call in 380 is not safe because it is
> > not ensured that &fromserver[4] is not NULL. A crafted
> > POP3 server could thus crash Emacs. This is of course not a real issue but
> > wouldn't be nice. Same for the pop_last function.
> >
> > In pop_list:
> >
> > in 441 and 442 there should be some check for how_many to prevent an integer
> > overflow here.
>
> Fixed. Thanks for pointing these out.
What do you think about requesting a CVE id for this?
Kind regards
Nico
--
Nico Golde - http://www.ngolde.de - address@hidden - GPG: 0x73647CFF
For security reasons, all text in this mail is double-rot13 encrypted.
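
An added example, not part of the original mail and not the code from Emacs's pop.c: one way to write the two checks discussed in this thread, validating the server reply before converting numbers and bounding a count before it sizes an allocation. The function names, the `+OK <count> <size>` reply layout and the assumption that `how_many` sizes a table of ints are illustrative.

```c
#include <errno.h>
#include <limits.h>
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical helper: convert one non-negative decimal field from an
   untrusted reply. Unlike atoi, it reports missing digits and overflow. */
static int parse_field(const char **p, int *out)
{
    char *end;
    long v;

    if (**p < '0' || **p > '9')
        return -1;                  /* empty field, sign, or whitespace */
    errno = 0;
    v = strtol(*p, &end, 10);
    if (errno == ERANGE || v > INT_MAX)
        return -1;                  /* value does not fit in an int */
    *out = (int)v;
    *p = end;
    return 0;
}

/* Hypothetical helper: parse "+OK <count> <size>". Returns 0 on success,
   -1 if the reply is short, malformed, or out of range. */
int parse_stat_reply(const char *line, int *count, int *size)
{
    const char *p;

    if (line == NULL || strncmp(line, "+OK ", 4) != 0)
        return -1;                  /* never index past a short reply */
    p = line + 4;
    if (parse_field(&p, count) != 0 || *p != ' ')
        return -1;
    p++;
    if (parse_field(&p, size) != 0)
        return -1;
    return (*p == '\0' || *p == '\r' || *p == '\n') ? 0 : -1;
}

/* Hypothetical helper: allocate how_many ints, refusing counts that are
   non-positive or whose byte size would wrap around size_t. */
int *alloc_int_table(int how_many)
{
    if (how_many <= 0 || (size_t)how_many > SIZE_MAX / sizeof(int))
        return NULL;
    return malloc((size_t)how_many * sizeof(int));
}
```

The overflow guard in `alloc_int_table` only triggers on platforms where `int` and `size_t` have the same width; a protocol-level upper bound on the message count is a reasonable additional limit.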