Bugtraq mailing list archives

Re: QPOPPER problem....


From: jmh () MAIL MSEN COM (Jeff Haas)
Date: Sat, 27 Jun 1998 16:16:05 -0400


On Sat, Jun 27, 1998 at 09:35:54AM -0700, Jason Ackley wrote:
Stock BSDi 3.0(3.1) all the latest patches(M310-034) DOES core dump, but
does not print out the 'ERR', so BSDi people may want to keep that in
mind..

I also tested with 2.4, and 2.41beta1, applying patches now and will see
what it does..

2.41beta works perfectly fine for 2.1 and 3.1 of BSD/OS after patching.
However, one of the patches mentioned here on the list was not correct.

Additionally, we incorporated the change to drop_copy.

If anyone wants a pre-compiled binary for 2.1 and 3.1, feel free
to drop me a line.

We have applied the following:

*** qpopper2.41beta1/pop_msg.c  Wed Nov 19 16:20:38 1997
--- qpopper2.41beta1.new/pop_msg.c      Sat Jun 27 15:27:50 1998
***************
*** 63,69 ****
      /*  Append the message (formatted, if necessary) */
      if (format)
  #ifdef HAVE_VPRINTF
!         vsprintf(mp,format,ap);
  #else
  # ifdef PYRAMID
          (void)sprintf(mp,format, arg1, arg2, arg3, arg4, arg5, arg6);
--- 63,69 ----
      /*  Append the message (formatted, if necessary) */
      if (format)
  #ifdef HAVE_VPRINTF
!         vsnprintf(mp,sizeof(message) - (mp-message)- 3, format,ap);
  #else
  # ifdef PYRAMID
          (void)sprintf(mp,format, arg1, arg2, arg3, arg4, arg5, arg6);
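
Review bot: in the replacement line `vsnprintf(mp,sizeof(message) - (mp-message)- 3, format,ap);` the `- 3` is an unexplained magic number, and the bound is only correct if `message` is a char array in this scope rather than a pointer. Add a comment stating which trailing bytes the 3 reserves, and consider computing the remaining space once into a named variable so the arithmetic is readable. The `# ifdef PYRAMID` branch shown in the context still calls `sprintf(mp,format, arg1, ...)` with no bound, so builds without HAVE_VPRINTF keep the overflow.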

*** qpopper2.41beta1/pop_log.c  Wed Nov 19 16:20:38 1997
--- qpopper2.41beta1.new/pop_log.c      Sat Jun 27 14:07:19 1998
***************
*** 47,53 ****
  #endif

  #ifdef HAVE_VPRINTF
!         vsprintf(msgbuf,format,ap);
  #else
  # ifdef PYRAMID
          (void)sprintf(msgbuf,format, arg1, arg2, arg3, arg4, arg5, arg6);
--- 47,53 ----
  #endif

  #ifdef HAVE_VPRINTF
!         vsnprintf(msgbuf,sizeof(msgbuf),format,ap);
  #else
  # ifdef PYRAMID
          (void)sprintf(msgbuf,format, arg1, arg2, arg3, arg4, arg5, arg6);
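
Review bot: the `#else` / `# ifdef PYRAMID` fallback in this hunk still formats into `msgbuf` with unbounded `sprintf`, so only HAVE_VPRINTF builds are covered by the change. The new call is also guarded by HAVE_VPRINTF, which says nothing about whether `vsnprintf` exists on the platform; a separate configure check (for example a macro named HAVE_VSNPRINTF, a suggested name that is not in the patch) would make that explicit. Since pre-C99 `vsnprintf` implementations differ in how they behave on truncation, setting `msgbuf[sizeof(msgbuf) - 1] = 0` after the call would be a cheap safeguard.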

*** qpopper2.41beta1/pop_dropcopy.c     Wed Nov 19 16:20:38 1997
--- qpopper2.41beta1.new/pop_dropcopy.c Sat Jun 27 14:11:47 1998
***************
*** 456,461 ****
--- 456,462 ----
                          uidl_found--; /*roll over as though it hasn't seen anything*/
                          continue;
                      }
+                   if (strlen(cp) >= 128) cp[127] = 0;
                    mp->uidl_str = (char *)strdup(cp);
                    mp->length += nchar + 1;
                    p->drop_size += nchar + 1;
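
Review bot: the added `if (strlen(cp) >= 128) cp[127] = 0;` hard-codes 128 and 127 without saying which destination buffer the limit protects. Use a named constant shared with that buffer's declaration and add a comment, so the two cannot drift apart. The truncation is silent and modifies `cp` in place, so two long UIDL strings that share their first 127 bytes become identical; logging or rejecting over-long values may be safer. The result of `strdup(cp)` on the following line is also stored in `mp->uidl_str` with no NULL check in the lines shown.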

Jason Ackley

P.S.
Does anyone have any tricks for debugging this type of code when launched
in a daemon situation?  The core dumps are not useful since the stack is
smashed and I don't know how to recover any valid stack frames.

--
Jeffrey Haas -+- jmh () msen com -+- http://www.msen.com/~jmh
/\/\sen, Inc. "Michigan's Best Run Internet Service Provider."


