Bugtraq mailing list archives
Re: QPOPPER problem.... ONE crude patch...
From: ryde () TRIPNET SE (Daniel Ryde)
Date: Sat, 27 Jun 1998 18:31:05 +0200
On Sat, 27 Jun 1998, Tom Brown wrote:
vsnprintf(mp,sizeof(message)-(mp - message)-3,format,ap);
Dangerous, if the string is truncated it will skip the null termination, then later the strcat might fail miserably (unless all arcitectures makes for sure that, when allocated, the string is filled with null, which I really doubt). Another note is the next lines of sprintf (architectures that dont have vsprintf) that will have the same problem as vsprintf. Change these to snprintf in a similar way, and add a null to the end. Best Regards Daniel Ryde, System Administrator __________________________________________________________________________ Tripnet AB Visit Address: Telephone: +46 31 7252500 Box 5071 Avagen 42 Facsimile: +46 31 7252501 S-402 22 GOTEBORG GOTEBORG Email: ryde () tripnet se Sweden Sweden
Current thread:
- !!! FLASH TRAFFIC !!! QPOPPER REMOTE ROOT EXPLOIT Seth McGann (Jun 26)
- Re: !!! FLASH TRAFFIC !!! QPOPPER REMOTE ROOT EXPLOIT Theo de Raadt (Jun 27)
- patch for qpopper remote exploit bug Roy Hooper (Jun 27)
- Re: patch for qpopper remote exploit bug Andres Kroonmaa (Jun 27)
- Re: patch for qpopper remote exploit bug Theo de Raadt (Jun 27)
- Re: patch for qpopper remote exploit bug Jon Lusky (Jun 27)
- Re: patch for qpopper remote exploit bug Benjamin J Stassart (Jun 27)
- Users can view script source from Win WebServers Aleph One (Jun 27)
- Re: patch for qpopper remote exploit bug Andres Kroonmaa (Jun 27)
- Re: QPOPPER problem.... ONE crude patch... Tom Brown (Jun 27)
- Re: QPOPPER problem.... ONE crude patch... Daniel Ryde (Jun 27)
- Re: QPOPPER problem.... ONE crude patch... Marco S Hyman (Jun 27)
- Re: QPOPPER problem.... Jason Ackley (Jun 27)
- Re: QPOPPER problem.... Bruno Lopes F. Cabral (Jun 27)
- patch: qpopper (plugs another hole too) Miquel van Smoorenburg (Jun 27)
- Re: QPOPPER problem.... Marco S Hyman (Jun 27)
- Re: QPOPPER problem.... Bruno Lopes F. Cabral (Jun 27)
- More patch ideas for qpopper Aaron D. Gifford (Jun 27)
- Re: QPOPPER problem.... Jeff Haas (Jun 27)
- Re: QPOPPER problem.... ONE crude patch... Daniel Ryde (Jun 27)
- Re: QPOPPER problem.... ONE crude patch... Yiorgos Adamopoulos (Jun 27)
- Re: QPOPPER problem.... ONE crude patch... Juan Diego Bolanhos Ramirez (Jun 27)