Bugtraq mailing list archives
Re: QPOPPER problem....
From: bruno () OPENLINE COM BR (Bruno Lopes F. Cabral)
Date: Sat, 27 Jun 1998 15:47:39 -0300
Hi there Here is the proper join of Miquel van Smoorenburg and Roy Hooper security patches applied to qpopper 2.4. as I mantain the rpm version of pammified qpopper, you could grab everything from ftp://ftp.openline.com.br/mirror/contrib/qpopper-2.4-2.src.rpm !3runo diff -uNr qpopper2.4-orig/pop_dropcopy.c qpopper2.4/pop_dropcopy.c --- qpopper2.4-orig/pop_dropcopy.c Fri Sep 12 17:23:02 1997 +++ qpopper2.4/pop_dropcopy.c Sat Jun 27 14:41:01 1998 @@ -457,6 +457,9 @@ } else cp = ""; + /* Make UIDL not longer then 128 chars, we use it + in sprintf() later on */ + if (strlen(cp) >= 128) cp[127] = 0; mp->uidl_str = (char *)strdup(cp); mp->length += nchar + 1; p->drop_size += nchar + 1; diff -uNr qpopper2.4-orig/pop_log.c qpopper2.4/pop_log.c --- qpopper2.4-orig/pop_log.c Thu Sep 11 21:21:21 1997 +++ qpopper2.4/pop_log.c Sat Jun 27 14:41:57 1998 @@ -47,7 +47,7 @@ #endif #ifdef HAVE_VPRINTF - vsprintf(msgbuf,format,ap); + vsnprintf(msgbuf,sizeof(msgbuf),format,ap); #else # ifdef PYRAMID (void)sprintf(msgbuf,format, arg1, arg2, arg3, arg4, arg5, arg6); @@ -67,6 +67,8 @@ (void)fflush(p->trace); } else { + /* Protect syslog from too long messages */ + if (strlen(msgbuf) >= 512) msgbuf[511] = 0; syslog (stat,"%s",msgbuf); } diff -uNr qpopper2.4-orig/pop_msg.c qpopper2.4/pop_msg.c --- qpopper2.4-orig/pop_msg.c Thu Sep 11 21:21:41 1997 +++ qpopper2.4/pop_msg.c Sat Jun 27 14:42:42 1998 @@ -63,7 +63,7 @@ /* Append the message (formatted, if necessary) */ if (format) #ifdef HAVE_VPRINTF - vsprintf(mp,format,ap); + vsnprintf(mp,sizeof(message) - strlen(mp) -1,format,ap); #else # ifdef PYRAMID (void)sprintf(mp,format, arg1, arg2, arg3, arg4, arg5, arg6);
Current thread:
- patch for qpopper remote exploit bug, (continued)
- patch for qpopper remote exploit bug Roy Hooper (Jun 27)
- Re: patch for qpopper remote exploit bug Andres Kroonmaa (Jun 27)
- Re: patch for qpopper remote exploit bug Theo de Raadt (Jun 27)
- Re: patch for qpopper remote exploit bug Jon Lusky (Jun 27)
- Re: patch for qpopper remote exploit bug Benjamin J Stassart (Jun 27)
- Users can view script source from Win WebServers Aleph One (Jun 27)
- Re: patch for qpopper remote exploit bug Andres Kroonmaa (Jun 27)
- Re: QPOPPER problem.... ONE crude patch... Tom Brown (Jun 27)
- Re: QPOPPER problem.... ONE crude patch... Daniel Ryde (Jun 27)
- Re: QPOPPER problem.... ONE crude patch... Marco S Hyman (Jun 27)
- Re: QPOPPER problem.... Jason Ackley (Jun 27)
- Re: QPOPPER problem.... Bruno Lopes F. Cabral (Jun 27)
- patch: qpopper (plugs another hole too) Miquel van Smoorenburg (Jun 27)
- Re: QPOPPER problem.... Marco S Hyman (Jun 27)
- Re: QPOPPER problem.... Bruno Lopes F. Cabral (Jun 27)
- More patch ideas for qpopper Aaron D. Gifford (Jun 27)
- Re: QPOPPER problem.... Jeff Haas (Jun 27)
- Re: QPOPPER problem.... ONE crude patch... Daniel Ryde (Jun 27)
- Re: QPOPPER problem.... ONE crude patch... Yiorgos Adamopoulos (Jun 27)
- Re: QPOPPER problem.... ONE crude patch... Juan Diego Bolanhos Ramirez (Jun 27)
- Re: QPOPPER problem.... ONE crude patch... Bryan (Jun 27)
- patch for qpopper remote exploit bug Roy Hooper (Jun 27)
- NetBSD Security Advisory 1998-004: at(1) vulnerabilities. security-alert () NETBSD ORG (Jun 27)
- Re: !!! FLASH TRAFFIC !!! QPOPPER REMOTE ROOT EXPLOIT Miquel van Smoorenburg (Jun 27)