[2167] in linux-security and linux-alert archive


[linux-security] ipop2d buffer overflow fix (fwd)

daemon@ATHENA.MIT.EDU (R. DuFresne)
Fri Jun 11 06:40:26 1999

Date: Fri, 11 Jun 1999 03:41:50 -0500 (CDT)
From: "R. DuFresne" <dufresne@sysinfo.com>
To: akerasotes@kerasotes.com
cc: linux-security@redhat.com
Resent-From: linux-security@redhat.com
Resent-Reply-To: linux-security@redhat.com


[mod: In addition to this, Jon points us to:
  http://www.redhat.com/corp/support/errata/rh52-errata-general.html#imap
for the official fix from Red Hat. -- REW]

---------- Forwarded message ----------
From: dumped <dumped@SEKURE.ORG>
Subject: ipop2d buffer overflow fix
Resent-Subject: ipop2d buffer overflow fix
Date: Thu, 3 Jun 1999 17:29:05 -0300
Resent-Date: Fri, 4 Jun 1999 00:52:49 -0500 (CDT)
Resent-From: Ron DuFresne <dufresne@winternet.com>
To: BUGTRAQ@netspace.org
Resent-To: dufresne <dufresne@darkstar.sysinfo.com>

This patch fixes the buffer overflow previously pointed out by Thiago.


diff -Nur imap-4.4.orig/src/ipopd/ipop2d.c imap-4.4/src/ipopd/ipop2d.c
--- imap-4.4.orig/src/ipopd/ipop2d.c	Thu Jun  3 18:35:15 1999
+++ imap-4.4/src/ipopd/ipop2d.c	Thu Jun  3 18:37:02 1999
@@ -10,7 +10,10 @@
  *		Internet: MRC@CAC.Washington.EDU
  *
  * Date:	28 October 1990
- * Last Edited:	13 July 1998
+ * Last Edited:	3 June 1999
+ *
+ * dumped (dumped@sekure.org) 3/Jun/99 :
+ * fixed a buffer overflow in c_fold()
  *
  * Copyright 1998 by the University of Washington
  *
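Review bot: the header hunk overwrites the upstream "Last Edited: 13 July 1998" line with the patch date, which loses the maintainer's own edit date and will conflict with the next upstream release; leave that line alone and add only the attribution lines. The added note "fixed a buffer overflow in c_fold()" would also be more useful to a later reader if it named the buffer (tmp) and the call that was changed (strcpy replaced by strncpy).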
@@ -306,7 +309,8 @@
 				/* don't permit proxy to leave IMAP */
   if (stream && stream->mailbox && (s = strchr (stream->mailbox,'}'))) {
     strncpy (tmp,stream->mailbox,i = (++s - stream->mailbox));
-    strcpy (tmp+i,t);		/* append mailbox to initial spec */
+    strncpy (tmp+i,t,sizeof(tmp) - strlen(stream->mailbox));	
+	/* append mailbox to initial spec */
     t = tmp;
   }
 				/* open mailbox, note # of messages */
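Review bot: the new bound on the + line, sizeof(tmp) - strlen(stream->mailbox), does not describe the space left at tmp+i and can wrap around. The write starts at offset i, so the remaining room is sizeof(tmp) - i; subtracting the full mailbox length is only safe while that length is smaller than sizeof(tmp), and once stream->mailbox is longer the unsigned subtraction wraps to a huge count and strncpy is effectively unbounded again. The unchanged line above, strncpy (tmp,stream->mailbox,i = (++s - stream->mailbox)), still copies i bytes with no check against sizeof(tmp), so the prefix alone can overrun the buffer. Termination is also lost: the first strncpy writes exactly i bytes without a NUL, the old strcpy supplied it, and strncpy leaves the result unterminated whenever t is at least as long as the count, after which t = tmp is passed on as a string. Suggest rejecting the request when i >= sizeof(tmp), copying at most sizeof(tmp) - i - 1 bytes of t, and setting tmp[sizeof(tmp) - 1] = '\0' explicitly. This assumes tmp is a char array; its declaration is not in the hunk, and if it is a pointer sizeof(tmp) is the wrong quantity altogether. Minor: the + line carries trailing whitespace, and the comment moved to its own line no longer follows the file's comment alignment.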
