Bugtraq mailing list archives

Re: patch for qpopper remote exploit bug

From: ben () ALGROUP CO UK (Ben Laurie)
Date: Sun, 28 Jun 1998 21:02:18 +0100


Steven Winikoff wrote:

This version follows the semantics for vsnprintf() as found in
NetBSD/386 1.2:

8<----------------------------   cut here   -------------------------->8
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

/*
 *   vsnprintf() -- hacked interface, because DEC OSF/1 doesn't
 *                  have the real thing...
 *
 *   Steven Winikoff
 *   1998/06/27
 *
 *   This code is rather feeble-minded; all it does is truncate the
 *   given string temporarily, call vsprintf() to "print" it, and
 *   then restore the original string.
 *
 *   We return whatever we got from vsprintf().
 */

int vsnprintf(char *str, size_t n, const char *fmt, va_list ap)
{
   int  result;
   char c;

   /**  do we even need to bother?  **/

   if (strlen(str) < n) return(vsprintf(str, fmt, ap));

   /**  okay, truncate, call vsprintf(), and restore:  **/

   c        = str[n-1];
   str[n-1] = '\0';                   /* take that! :-)         */
   result   = vsprintf(str, fmt, ap); /* do the write thing :-) */
   str[n-1] = c;                      /* all better now :-)     */

   return(result);
}
8<----------------------------   cut here   -------------------------->8

I don't know if this is helpful at all, but I figured I should pass it
on anyway just in case.


WTF? This doesn't even remotely do what vsnprintf() does!

BTW, Apache has an implementation of vsnprintf() that we use coz not all
platforms supply it. So long as appropriate credits are given and due
regard is paid to licensing and licence compatibility, I see no reason
why people shouldn't use it.

Cheers,

Ben.

--
Ben Laurie            |Phone: +44 (181) 735 0686| Apache Group member
Freelance Consultant  |Fax:   +44 (181) 735 0689|http://www.apache.org/
and Technical Director|Email: ben () algroup co uk |
A.L. Digital Ltd,     |Apache-SSL author     http://www.apache-ssl.org/
London, England.      |"Apache: TDG" http://www.ora.com/catalog/apache/

WE'RE RECRUITING! http://www.aldigital.co.uk/recruit/

Current thread:

Re: patch for qpopper remote exploit bug Steven Winikoff (Jun 28)
- <Possible follow-ups>
- Re: patch for qpopper remote exploit bug Ben Laurie (Jun 28)
- Re: patch for qpopper remote exploit bug Johan Danielsson (Jun 28)
- Re: patch for qpopper remote exploit bug Steven Winikoff (Jun 29)
- Re: patch for qpopper remote exploit bug Kev (Jun 29)
  - Re: patch for qpopper remote exploit bug David DeSimone (Jun 30)
  - SECURITY: too many new packages twiztah (Jun 30)
    - Environment variables (SECURITY: too many new packages) Alan Cox (Jun 29)
    - Qualcomm's qpopper 2.5 Aleph One (Jun 30)