Re: address@hidden: some code issues]

emacs-devel

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: address@hidden: some code issues]

From:	Nico Golde
Subject:	Re: address@hidden: some code issues]
Date:	Thu, 10 Jan 2008 16:35:46 +0100

Hi Chong,
* Chong Yidong <address@hidden> [2008-01-10 16:29]:
> > I had a quick look at the pop.c code today and found some
> > issues.
> >
> > In pop_stat:
> >
> > If I don't miss anything the atoi call in 380 is not save as it is not
> > save because it is not ensure that &fromserver[4] is not NULL. A crafted
> > pop3 server could thus crash emacs. This is of course not a real issue but
> > wouldn't be nice. Same for the pop_last function.
> >
> > In pop_list:
> >
> > in 441 and 442 there should be some check for how_many to prevent an integer
> > overflow here.
> 
> Fixed.  Thanks for pointing these out.

What do you think about requesting a CVE id for this?

Kind regards
Nico
-- 
Nico Golde - http://www.ngolde.de - address@hidden - GPG: 0x73647CFF
For security reasons, all text in this mail is double-rot13 encrypted.

pgp8b1UWCzRP8.pgp
Description: PGP signature

[Prev in Thread]

Current Thread

[Next in Thread]

address@hidden: some code issues], Richard Stallman, 2008/01/07
- Re: address@hidden: some code issues], Chong Yidong, 2008/01/10
  - Re: address@hidden: some code issues], Nico Golde <=
- Re: address@hidden: some code issues], Chong Yidong, 2008/01/10

Prev by Date: fix to make log-view.el work with svn
Next by Date: Re: 23.0.60; describe-char gives wrong information
Previous by thread: Re: address@hidden: some code issues]
Next by thread: Re: address@hidden: some code issues]
Index(es):
- Date
- Thread