Bugtraq mailing list archives
followup: local mail delivery
From: mouse () Collatz McRCIM McGill EDU (der Mouse)
Date: Thu, 3 Aug 1995 16:50:31 -0400
I recently sent a shar containing five files to bugtraq, under the subject line "local mail delivery". I got a letter from someone who'd unpacked it and gotten files with incorrect sizes, according to the shar's internal checks. I investigated, and discovered two things: (1) Something, somewhere between me and bugtraq, expanded all the tabs in my shar (probably in my whole message) into spaces. The byte counts in the extracted files will therefore be wrong. The byte counts you should expect are as follows. (Only localmail.c and md5.c will extract with "wrong" byte counts; the .h files included no tabs.) 9636 localmail.c 5917 md5.c 204 md5.h 907 signaltype.h 0 syscalls.h (2) There is another danger lurking. The person who sent mail didn't get these byte counts; the ones reported were 12 higher for localmail.c and 17 higher for md5.c. These just happen to match counts of lines longer than 79 characters in those two files; apparently something between bugtraq and that person's extraction wrapped long lines. If you don't get the above byte counts, you may want to check for long lines getting broken. md5 checksums of the tab-expanded files (what you should get if you have no line-breaking trouble) follow. If you can patch your files up to have these checksums, I would consider them good copies - the only thing that will be wrong with them is that some of the C code will be indented by one column less than it should be. 7ffb51b358ba2b6ccb99431be41c95db localmail.c 903c9de1018f4f1d6cc38145f1ef6891 md5.c b8a0f6284da7381923d79ec8341f422d md5.h 32f828db8b9c48c7814692e3e2c97624 signaltype.h d41d8cd98f00b204e9800998ecf8427e syscalls.h der Mouse mouse () collatz mcrcim mcgill edu
Current thread:
- SECURITY HOLE: FormMail Paul Phillips (Aug 02)
- followup: local mail delivery der Mouse (Aug 03)
- Re: SECURITY HOLE: FormMail Christian Wettergren (Aug 03)
- PERL (was: Re: SECURITY HOLE: FormMail) VaX#n8 (Aug 07)
- Re: PERL (was: Re: SECURITY HOLE: FormMail) Philip Guenther (Aug 07)
- Guidelines for cgi-bin scripts Lee Silverman (Aug 08)
- Re: Guidelines for cgi-bin scripts Dave Andersen (Aug 08)
- Re: Guidelines for cgi-bin scripts Christian Wettergren (Aug 09)
- <Possible follow-ups>
- Re: SECURITY HOLE: FormMail Andrew Macpherson (Aug 03)
- Re: SECURITY HOLE: FormMail Christian Wettergren (Aug 04)
- Re: SECURITY HOLE: FormMail Neil Woods (Aug 05)
- More holes, was: Re: SECURITY HOLE: FormMail Ivo (Aug 05)
- Re: SECURITY HOLE: FormMail Christian Wettergren (Aug 04)