[5947] in bugtraq
Re: KSR[T] Advisory #6: deliver
daemon@ATHENA.MIT.EDU (Chip Salzenberg)
Tue Jan 13 00:24:39 1998
Date: Mon, 12 Jan 1998 13:46:07 -0500
Reply-To: chip@pobox.com
From: Chip Salzenberg <chip@ATLANTIC.NET>
X-To: ksrt@DEC.NET
To: BUGTRAQ@NETSPACE.ORG
In-Reply-To: <Pine.LNX.3.95.980112084724.18693B-100000@ogbanje.dec.net> from
"KSR[T]" at "Jan 12, 98 08:48:26 am"
KSR's proposed patch to Deliver has a bug:
According to KSR[T]:
> + char token[BUFSIZ]; /* Probably paranoid. */
>
> + while (isascii(*lexptr) && isalpha(*lexptr) && i < BUFSIZ)
> token[i++] = *lexptr++;
> token[i] = '\0';
Buffer overrun is possible here.
I suggest anyone who uses Deliver just get the current tarball:
http://www.pobox.com/~chip/deliver-2.1.13.tar.gz
--
Chip Salzenberg - a.k.a. - <chip@pobox.com>
"I stopped that bus and I saved them kids!" "All except one -- the one
you let drive!" "He showed me his license..." "He was seven!!!" // MST3K
