Bugtraq mailing list archives
More patch ideas for qpopper
From: agifford () INFOWEST COM (Aaron D. Gifford)
Date: Sat, 27 Jun 1998 14:15:26 -0600
I noticed that popper.h had a #define for MAXPARMLEN but never used it. I
decided it's a good idea and added it to my popper on top of some of the other
patches I've seen here. I bumped up the MAXPARMLEN size to 16. So far on my
FreeBDS-based system with only 5,000 users, I haven't noticed any problems
yet.
Is there a reason the qpopper folks didn't do this in the first place? The
defined it, but never used it.
Puzzled,
Aaron out.
diff -p qpopper2.41beta1/pop_parse.c qpopper2.41beta1+infowest/pop_parse.c
*** qpopper2.41beta1/pop_parse.c Wed Nov 19 14:20:38 1997
--- qpopper2.41beta1+infowest/pop_parse.c Sat Jun 27 13:48:30 1998
*************** char * buf; /* Pointer
*** 26,31 ****
--- 26,32 ----
{
char * mp;
register int i;
+ register int parmlen;
/* Loop through the POP command array */
for (mp = buf, i = 0; ; i++) {
*************** char * buf; /* Pointer
*** 45,52 ****
/* Point to the start of the token */
p->pop_parm[i] = mp;
/* Search for the first space character (end of the token) */
! while (!isspace(*mp) && *mp) mp++;
/* Delimit the token with a null */
if (*mp) *mp++ = 0;
--- 46,68 ----
/* Point to the start of the token */
p->pop_parm[i] = mp;
+ /* Start counting the length of this token */
+ parmlen = 0;
+
/* Search for the first space character (end of the token) */
! while (!isspace(*mp) && *mp) {
! mp++;
! if (++parmlen > MAXPARMLEN) {
! /* Truncate parameter to the max. allowable size */
! *mp = '\0';
! if (i == 0) {
! pop_msg(p,POP_FAILURE,"Command \"%s\"
(truncated) exceedes maximum permitted size.",
! p->pop_command);
! } else {
! pop_msg(p,POP_FAILURE,"Argument %d \"%s\"
(truncated) exceeds maximum permitted size.",
! i, p->pop_parm[i]);
! }
! return(-1);
! }
! }
/* Delimit the token with a null */
if (*mp) *mp++ = 0;
diff -p qpopper2.41beta1/popper.h qpopper2.41beta1+infowest/popper.h
*** qpopper2.41beta1/popper.h Wed Nov 19 14:20:39 1997
--- qpopper2.41beta1+infowest/popper.h Sat Jun 27 13:59:57 1998
***************
*** 64,70 ****
#define MAXMSGLINELEN MAXLINELEN
#define MAXCMDLEN 4
#define MAXPARMCOUNT 5
! #define MAXPARMLEN 10
#define ALLOC_MSGS 20
#ifndef OSF1
--- 69,75 ----
#define MAXMSGLINELEN MAXLINELEN
#define MAXCMDLEN 4
#define MAXPARMCOUNT 5
! #define MAXPARMLEN 16
#define ALLOC_MSGS 20
#ifndef OSF1
Current thread:
- Re: patch for qpopper remote exploit bug, (continued)
- Re: patch for qpopper remote exploit bug Benjamin J Stassart (Jun 27)
- Users can view script source from Win WebServers Aleph One (Jun 27)
- Re: QPOPPER problem.... ONE crude patch... Tom Brown (Jun 27)
- Re: QPOPPER problem.... ONE crude patch... Daniel Ryde (Jun 27)
- Re: QPOPPER problem.... ONE crude patch... Marco S Hyman (Jun 27)
- Re: QPOPPER problem.... Jason Ackley (Jun 27)
- Re: QPOPPER problem.... Bruno Lopes F. Cabral (Jun 27)
- patch: qpopper (plugs another hole too) Miquel van Smoorenburg (Jun 27)
- Re: QPOPPER problem.... Marco S Hyman (Jun 27)
- Re: QPOPPER problem.... Bruno Lopes F. Cabral (Jun 27)
- More patch ideas for qpopper Aaron D. Gifford (Jun 27)
- Re: QPOPPER problem.... Jeff Haas (Jun 27)
- Re: QPOPPER problem.... ONE crude patch... Daniel Ryde (Jun 27)
- Re: QPOPPER problem.... ONE crude patch... Yiorgos Adamopoulos (Jun 27)
- Re: QPOPPER problem.... ONE crude patch... Juan Diego Bolanhos Ramirez (Jun 27)
- Re: QPOPPER problem.... ONE crude patch... Bryan (Jun 27)
- NetBSD Security Advisory 1998-004: at(1) vulnerabilities. security-alert () NETBSD ORG (Jun 27)
- Re: !!! FLASH TRAFFIC !!! QPOPPER REMOTE ROOT EXPLOIT Miquel van Smoorenburg (Jun 27)