Bugtraq mailing list archives
More about UW c-client library
From: Juhapekka Tolvanen <juhtolv () ST JYU FI>
Date: Sat, 2 Sep 2000 00:18:14 +0300
Here is more information about that bug. http://cgi.debian.org/cgi-bin/bugreport.cgi?archive=no&bug=70647 It seems that they will have some patch real soon:

(CLIP HERE)

Upon a quick glance, there indeed appear to be no checks at all for buffer overflows. A buf of 8k is allocated into which the From:, Status:, X-Status, and X-Keywords: headers are placed, with simple sprintf (buf + strlen (buf),"... commands. So having extremely long X-Keywords in mail messages will screw things up. Double yuck. This is in imap-4.7c/src/osdep/unix/unix.c BTW. See the original message and the accompanying thread in debian-devel, archive/latest/67244, Message-ID <39AD820C.6AD0818C () axis com> from Cristian Ionescu-Idbohrn <cii () axis com>

Ok, I've patched unix.c to use snprintf(3) instead of sprintf(3). This is only the tip of the iceberg however. There is a source code scanner called its4 which checks for unsafe coding practices and I ran it on imapd. The report was about a mile long :(

(CLIP HERE)

--
Juhapekka "naula" Tolvanen * * * U of Jyväskylä * * juhtolv () st jyu fi
http://www.cc.jyu.fi/~juhtolv/index.html * "STRAIGHT BUT NOT NARROW!"
---------------------------------------------------------------------
"so impressed with all you do. tried so hard to be like you. flew too high and burnt the wing. lost my faith in everything" nine inch nails
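The fix the message describes, shown as an added example written for this page and not code from c-client or the Debian patch: each write into the 8k header buffer goes through a bounded append helper that reports truncation instead of running past the end. The header names come from the thread; the function names, the buffer name and the sample From/Status/X-Keywords values are constructed.

```c
/* Added example, not c-client's code: the 8k pseudo-header block (From_, Status,
 * X-Status, X-Keywords) built with bounds checks instead of sprintf (buf + strlen (buf), ...). */
#include <stdarg.h>
#include <stdio.h>
#include <string.h>
#define HDRBUFLEN 8192   /* the 8k buffer size mentioned in the thread */

/* Append formatted text at *off; returns 1 if it fit, 0 if truncated. The offset is
 * clamped on truncation, so a later call cannot compute a wrapped remaining length. */
static int hdr_append(char *buf, size_t size, size_t *off, const char *fmt, ...)
{
    va_list ap;
    int n;
    if (*off >= size) return 0;
    va_start(ap, fmt);
    n = vsnprintf(buf + *off, size - *off, fmt, ap);
    va_end(ap);
    if (n < 0) { buf[*off] = '\0'; return 0; }
    if ((size_t)n >= size - *off) { *off = size - 1; return 0; }
    *off += (size_t)n;
    return 1;
}

/* Returns 1 if every header fit, 0 if any was truncated (caller should then refuse to write). */
int build_mbox_headers(char *buf, size_t size, const char *from_line,
                       const char *status, const char *xstatus, const char *keywords)
{
    size_t off = 0;
    int ok;
    buf[0] = '\0';
    ok = hdr_append(buf, size, &off, "From %s\n", from_line);
    ok &= hdr_append(buf, size, &off, "Status: %s\n", status);
    ok &= hdr_append(buf, size, &off, "X-Status: %s\n", xstatus);
    ok &= hdr_append(buf, size, &off, "X-Keywords: %s\n", keywords);
    return ok;
}

/* Constructed check for the thread's case: a 10000-byte X-Keywords value. Returns 1 if
 * it was rejected and the buffer stayed NUL-terminated inside its bounds. */
int overlong_keywords_rejected(void)
{
    static char buf[HDRBUFLEN], keywords[10001];
    memset(keywords, 'A', 10000);
    keywords[10000] = '\0';
    return !build_mbox_headers(buf, sizeof buf, "alice@example.org Sat Sep 2 00:18:14 2000",
                               "RO", "", keywords) && strlen(buf) < sizeof buf;
}
```

The same pattern applies to any fixed-size buffer filled by repeated formatted appends; its4 (mentioned in the message) flags the sprintf calls, but the bounded helper is what actually removes the overflow.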