[3495] in bugtraq
Re: Remote exploit in sendmail 8.8.0
daemon@ATHENA.MIT.EDU (Thomas Roessler)
Thu Oct 17 13:46:04 1996
Date: Thu, 17 Oct 1996 09:45:51 GMT
Reply-To: Thomas Roessler <roessler@sobolev.rhein.de>
From: Thomas Roessler <roessler@sobolev.rhein.de>
To: Multiple recipients of list BUGTRAQ <BUGTRAQ@NETSPACE.ORG>
In article <199610170116.SAA04638@abraham.cs.berkeley.edu>,
John Anonymous MacDonald wrote:
> /* quoted-printable */
> obp = obuf;
> while (fgets(buf, sizeof buf, e->e_dfp) != NULL)
> {
>         if (mime_fromqp((u_char *) buf, &obp, 0, MAXLINE) == 0)
>                 continue;
>         putline((char *) obuf, mci);
>         obp = obuf;
> }
Am I seriously mistaken when I say that changing MAXLINE to (MAXLINE -
(obp - obuf)) and additionally changing every occurrence of

        if (++nchar > maxlen)
                break;

to

        if (++nchar >= maxlen)
                break;

in mime_fromqp() will fix this problem and another one related to the
trailing '\0'?
tlr
--
Thomas Roessler http://www.rhein.de/~roessler/
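
Added example, not part of the original message and not sendmail's source: a small C model of the two changes discussed above, the remaining-space limit and the `>=` test. `append_limited`, `bytes_used`, the 16-byte `MAXLINE` and the sample input are all constructed for illustration, and the model assumes the decoder writes a trailing '\0' after the copied characters.

```c
#include <stdio.h>
#include <stddef.h>

#define MAXLINE 16            /* constructed small value for the demo */

/* Hypothetical stand-in for a decoder that appends src at *obp and
 * NUL-terminates. strict == 0 uses the "> maxlen" test, strict != 0 the
 * ">= maxlen" test proposed in the message. */
static void append_limited(const char *src, char **obp, size_t maxlen, int strict)
{
    size_t nchar = 0;

    while (*src != '\0') {
        ++nchar;
        if (strict ? nchar >= maxlen : nchar > maxlen)
            break;
        *(*obp)++ = *src++;
    }
    **obp = '\0';
}

/* Models two reads where the first leaves obp advanced (the "continue"
 * path in the quoted loop). Returns how many bytes, terminator included,
 * end up in use counted from the start of the output area. */
static size_t bytes_used(int remaining_limit, int strict)
{
    char area[4 * MAXLINE];   /* oversized on purpose: nothing overflows here */
    char *obp = area;
    const char *chunk = "AAAAAAAAAAAAAAAAAAAAAAAA";  /* constructed, 24 chars */
    int i;

    for (i = 0; i < 2; i++) {
        size_t used = (size_t)(obp - area);
        size_t lim = remaining_limit ? MAXLINE - used : MAXLINE;
        append_limited(chunk, &obp, lim, strict);
    }
    return (size_t)(obp - area) + 1;
}

int main(void)
{
    printf("fixed limit, >      : %zu\n", bytes_used(0, 0));
    printf("remaining limit, >  : %zu\n", bytes_used(1, 0));
    printf("remaining limit, >= : %zu (MAXLINE = %d)\n", bytes_used(1, 1), MAXLINE);
    return 0;
}
```

Only the combination of both changes keeps the bytes in use, terminator included, within MAXLINE; the remaining-space limit alone still ends one byte past it.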