Bugtraq mailing list archives
More patch ideas for qpopper
From: agifford () INFOWEST COM (Aaron D. Gifford)
Date: Sat, 27 Jun 1998 14:15:26 -0600
I noticed that popper.h had a #define for MAXPARMLEN but never used it. I decided it's a good idea and added it to my popper on top of some of the other patches I've seen here. I bumped up the MAXPARMLEN size to 16. So far on my FreeBDS-based system with only 5,000 users, I haven't noticed any problems yet. Is there a reason the qpopper folks didn't do this in the first place? The defined it, but never used it. Puzzled, Aaron out. diff -p qpopper2.41beta1/pop_parse.c qpopper2.41beta1+infowest/pop_parse.c *** qpopper2.41beta1/pop_parse.c Wed Nov 19 14:20:38 1997 --- qpopper2.41beta1+infowest/pop_parse.c Sat Jun 27 13:48:30 1998 *************** char * buf; /* Pointer *** 26,31 **** --- 26,32 ---- { char * mp; register int i; + register int parmlen; /* Loop through the POP command array */ for (mp = buf, i = 0; ; i++) { *************** char * buf; /* Pointer *** 45,52 **** /* Point to the start of the token */ p->pop_parm[i] = mp; /* Search for the first space character (end of the token) */ ! while (!isspace(*mp) && *mp) mp++; /* Delimit the token with a null */ if (*mp) *mp++ = 0; --- 46,68 ---- /* Point to the start of the token */ p->pop_parm[i] = mp; + /* Start counting the length of this token */ + parmlen = 0; + /* Search for the first space character (end of the token) */ ! while (!isspace(*mp) && *mp) { ! mp++; ! if (++parmlen > MAXPARMLEN) { ! /* Truncate parameter to the max. allowable size */ ! *mp = '\0'; ! if (i == 0) { ! pop_msg(p,POP_FAILURE,"Command \"%s\" (truncated) exceedes maximum permitted size.", ! p->pop_command); ! } else { ! pop_msg(p,POP_FAILURE,"Argument %d \"%s\" (truncated) exceeds maximum permitted size.", ! i, p->pop_parm[i]); ! } ! return(-1); ! } ! } /* Delimit the token with a null */ if (*mp) *mp++ = 0; diff -p qpopper2.41beta1/popper.h qpopper2.41beta1+infowest/popper.h *** qpopper2.41beta1/popper.h Wed Nov 19 14:20:39 1997 --- qpopper2.41beta1+infowest/popper.h Sat Jun 27 13:59:57 1998 *************** *** 64,70 **** #define MAXMSGLINELEN MAXLINELEN #define MAXCMDLEN 4 #define MAXPARMCOUNT 5 ! #define MAXPARMLEN 10 #define ALLOC_MSGS 20 #ifndef OSF1 --- 69,75 ---- #define MAXMSGLINELEN MAXLINELEN #define MAXCMDLEN 4 #define MAXPARMCOUNT 5 ! #define MAXPARMLEN 16 #define ALLOC_MSGS 20 #ifndef OSF1
Current thread:
- Re: patch for qpopper remote exploit bug, (continued)
- Re: patch for qpopper remote exploit bug Benjamin J Stassart (Jun 27)
- Users can view script source from Win WebServers Aleph One (Jun 27)
- Re: QPOPPER problem.... ONE crude patch... Tom Brown (Jun 27)
- Re: QPOPPER problem.... ONE crude patch... Daniel Ryde (Jun 27)
- Re: QPOPPER problem.... ONE crude patch... Marco S Hyman (Jun 27)
- Re: QPOPPER problem.... Jason Ackley (Jun 27)
- Re: QPOPPER problem.... Bruno Lopes F. Cabral (Jun 27)
- patch: qpopper (plugs another hole too) Miquel van Smoorenburg (Jun 27)
- Re: QPOPPER problem.... Marco S Hyman (Jun 27)
- Re: QPOPPER problem.... Bruno Lopes F. Cabral (Jun 27)
- More patch ideas for qpopper Aaron D. Gifford (Jun 27)
- Re: QPOPPER problem.... Jeff Haas (Jun 27)
- Re: QPOPPER problem.... ONE crude patch... Daniel Ryde (Jun 27)
- Re: QPOPPER problem.... ONE crude patch... Yiorgos Adamopoulos (Jun 27)
- Re: QPOPPER problem.... ONE crude patch... Juan Diego Bolanhos Ramirez (Jun 27)
- Re: QPOPPER problem.... ONE crude patch... Bryan (Jun 27)
- NetBSD Security Advisory 1998-004: at(1) vulnerabilities. security-alert () NETBSD ORG (Jun 27)
- Re: !!! FLASH TRAFFIC !!! QPOPPER REMOTE ROOT EXPLOIT Miquel van Smoorenburg (Jun 27)