Bugtraq mailing list archives
Re: [VulnWatch] pgp4pine stack overflow vulnerability
From: Jacek Lipkowski <sq5bpf () acid ch pw edu pl>
Date: Thu, 13 Mar 2003 12:52:14 +0100 (CET)
On Wed, 12 Mar 2003, Eric AUGE wrote:
IV Workaround/Solutions Deactivate pgp4pine and use another pgp wrapper for pine : http://pgpenvelope.sourceforge.net/ http://www.megaloman.com/~hany/software/pinepgp/stable.html or any other...
or use the following trivial patch: --- menus.c.orig 2003-03-13 11:16:43.000000000 +0100 +++ menus.c 2003-03-13 12:44:45.000000000 +0100 @@ -34,11 +34,13 @@ executed, EOF breaks directly */ return; } - else if ((readline[i++]=c) == '\n') + else if ((readline[i]=c) == '\n') { +if (i<(CONSOLE_IO_LINE_LENGTH-2)) i++; readline[i]='\0'; fertig=1; } +else if (i<(CONSOLE_IO_LINE_LENGTH-2)) i++; } fertig=0;
Current thread:
- pgp4pine stack overflow vulnerability Eric AUGE (Mar 12)
- Re: [VulnWatch] pgp4pine stack overflow vulnerability Jacek Lipkowski (Mar 13)