Bugtraq mailing list archives
Re: QPOPPER problem....
From: bruno () OPENLINE COM BR (Bruno Lopes F. Cabral)
Date: Sat, 27 Jun 1998 20:18:47 -0300
Hi there. as there was an error on the patch I took, there is a new one with this simple change + vsnprintf(mp,sizeof(message) - strlen(mp) -1,format,ap); becomes + vsnprintf(mp,sizeof(message) - (mp-message)- 3, format,ap); grab the new rpm, if you wish, from the same location ftp://ftp.openline.com.br/mirror/contrib/qpopper-2.4-3.src.rpm !3runo P.S. here is the _corrected_ patch and remember this is only tested on linux. Qpopper 2.4 uses GNU autoconf and the necessary steps to modify it to search for vsnprintf are beiond my knowledge diff -uNr qpopper2.4-orig/pop_dropcopy.c qpopper2.4/pop_dropcopy.c --- qpopper2.4-orig/pop_dropcopy.c Fri Sep 12 17:23:02 1997 +++ qpopper2.4/pop_dropcopy.c Sat Jun 27 14:41:01 1998 @@ -457,6 +457,9 @@ } else cp = ""; + /* Make UIDL not longer then 128 chars, we use it + in sprintf() later on */ + if (strlen(cp) >= 128) cp[127] = 0; mp->uidl_str = (char *)strdup(cp); mp->length += nchar + 1; p->drop_size += nchar + 1; diff -uNr qpopper2.4-orig/pop_log.c qpopper2.4/pop_log.c --- qpopper2.4-orig/pop_log.c Thu Sep 11 21:21:21 1997 +++ qpopper2.4/pop_log.c Sat Jun 27 14:41:57 1998 @@ -47,7 +47,7 @@ #endif #ifdef HAVE_VPRINTF - vsprintf(msgbuf,format,ap); + vsnprintf(msgbuf,sizeof(msgbuf),format,ap); #else # ifdef PYRAMID (void)sprintf(msgbuf,format, arg1, arg2, arg3, arg4, arg5, arg6); @@ -67,6 +67,8 @@ (void)fflush(p->trace); } else { + /* Protect syslog from too long messages */ + if (strlen(msgbuf) >= 512) msgbuf[511] = 0; syslog (stat,"%s",msgbuf); } diff -uNr qpopper2.4-orig/pop_msg.c qpopper2.4/pop_msg.c --- qpopper2.4-orig/pop_msg.c Thu Sep 11 21:21:41 1997 +++ qpopper2.4/pop_msg.c Sat Jun 27 14:42:42 1998 @@ -63,7 +63,7 @@ /* Append the message (formatted, if necessary) */ if (format) #ifdef HAVE_VPRINTF - vsprintf(mp,format,ap); + vsnprintf(mp,sizeof(message) - (mp-message)- 3, format,ap); #else # ifdef PYRAMID (void)sprintf(mp,format, arg1, arg2, arg3, arg4, arg5, arg6);
Current thread:
- Re: patch for qpopper remote exploit bug, (continued)
- Re: patch for qpopper remote exploit bug Jon Lusky (Jun 27)
- Re: patch for qpopper remote exploit bug Benjamin J Stassart (Jun 27)
- Users can view script source from Win WebServers Aleph One (Jun 27)
- Re: QPOPPER problem.... ONE crude patch... Tom Brown (Jun 27)
- Re: QPOPPER problem.... ONE crude patch... Daniel Ryde (Jun 27)
- Re: QPOPPER problem.... ONE crude patch... Marco S Hyman (Jun 27)
- Re: QPOPPER problem.... Jason Ackley (Jun 27)
- Re: QPOPPER problem.... Bruno Lopes F. Cabral (Jun 27)
- patch: qpopper (plugs another hole too) Miquel van Smoorenburg (Jun 27)
- Re: QPOPPER problem.... Marco S Hyman (Jun 27)
- Re: QPOPPER problem.... Bruno Lopes F. Cabral (Jun 27)
- More patch ideas for qpopper Aaron D. Gifford (Jun 27)
- Re: QPOPPER problem.... Jeff Haas (Jun 27)
- Re: QPOPPER problem.... ONE crude patch... Daniel Ryde (Jun 27)
- Re: QPOPPER problem.... ONE crude patch... Yiorgos Adamopoulos (Jun 27)
- Re: QPOPPER problem.... ONE crude patch... Juan Diego Bolanhos Ramirez (Jun 27)
- Re: QPOPPER problem.... ONE crude patch... Bryan (Jun 27)
- NetBSD Security Advisory 1998-004: at(1) vulnerabilities. security-alert () NETBSD ORG (Jun 27)
- Re: !!! FLASH TRAFFIC !!! QPOPPER REMOTE ROOT EXPLOIT Miquel van Smoorenburg (Jun 27)