[7158] in bugtraq
qpopper2.52
daemon@ATHENA.MIT.EDU (Alan J Rosenthal)
Thu Jul 2 16:14:20 1998
Date: Thu, 2 Jul 1998 12:51:50 -0400
Reply-To: Alan J Rosenthal <flaps@DGP.TORONTO.EDU>
From: Alan J Rosenthal <flaps@DGP.TORONTO.EDU>
To: BUGTRAQ@NETSPACE.ORG
While diffing the new qpopper distribution with my own modified
qpopper2.41beta directory, I found something interesting in pop_uidl.c
-- interesting to me at least, hopefully y'all on the list will assure me
that it is not, in fact, interesting. I had modified my 2.41beta directory
in accordance with hints on this list, and the diffs found overflow checks
missing in the new pop_uidl.c:
diff -rs qpopper2.41beta1/pop_uidl.c qpopper2.5/pop_uidl.c
60c60
< sprintf(buffer, "%d %.900s", msg_id, mp->uidl_str);
---
> sprintf(buffer, "%d %s", msg_id, mp->uidl_str);
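Review bot: At line 60 the `%.900s` precision on mp->uidl_str is gone, so nothing in this sprintf call limits how many bytes are written into buffer. Unless the length of uidl_str is capped before this point (not visible in this hunk), keep the precision, or bound the write by the destination with snprintf(buffer, sizeof(buffer), "%d %s", msg_id, mp->uidl_str) if buffer is an array in scope.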
...
153c149
< sprintf(buffer, "%d %.900s", msg_id, mp->uidl_str);
---
> sprintf(buffer, "%d %s", msg_id, mp->uidl_str);
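Review bot: Line 153 (149 on the right-hand side) loses the same `%.900s` bound as the hunk at line 60, with an identical format string and arguments. Since the call is repeated verbatim, consider a single helper that formats the "msg_id uidl" line with the limit built in, so the bound cannot be present at one call site and missing at another.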
170c166
< sprintf(buffer, "%d %.900s", x, mp->uidl_str);
---
> sprintf(buffer, "%d %s", x, mp->uidl_str);
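Review bot: At line 170 (166 on the right-hand side) the bound on mp->uidl_str is dropped as well, and the 900 being removed is a magic number with no visible tie to the size of buffer. If the limit is reinstated, derive it from the destination size and leave room for the `%d` field, the space and the terminating NUL, rather than hard-coding 900 at each call.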
Are these limits in fact unnecessary, or have the qualcomm folks missed a few?
(This file is the same in v2.52 -- got in this morning and started working on
the 2.5 version before I saw last night's bugtraq mail... arggh)
If these limits are indeed necessary, note that there's also a copy of this
sprintf call on line 76.
regards,
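Added example, not code from qpopper or from the original post: it contrasts the precision-limited format string from the diff with a size-checked snprintf call that rejects an over-long UIDL. The buffer size LINE_BUF, the function names and the sample input are assumptions made for illustration; the post does not show how buffer is declared.

```c
#include <stdio.h>
#include <string.h>

#define LINE_BUF 1024  /* assumed size; the real buffer size is not in the post */

/* Precision-limited form from the 2.41beta1 side of the diff: at most 900
 * bytes of uidl are copied, so the worst case is fixed by the format string
 * (up to 11 bytes for a 32-bit "%d", 1 space, 900 bytes, 1 NUL). */
static int format_uidl_precision(char *out, int msg_id, const char *uidl)
{
    return sprintf(out, "%d %.900s", msg_id, uidl);
}

/* Size-checked form: the bound comes from the destination buffer, and an
 * over-long line is reported instead of being silently cut or overflowing.
 * Returns the length written, or -1 if the line did not fit. */
static int format_uidl_checked(char *out, size_t outsz, int msg_id,
                               const char *uidl)
{
    int n = snprintf(out, outsz, "%d %s", msg_id, uidl);
    if (n < 0 || (size_t)n >= outsz) {
        if (outsz > 0)
            out[0] = '\0';   /* never hand back a partial line */
        return -1;
    }
    return n;
}

/* Constructed input: a UIDL string made of len 'A' bytes. */
static void make_long_uidl(char *dst, size_t len)
{
    memset(dst, 'A', len);
    dst[len] = '\0';
}

int main(void)
{
    char uidl[4001], line[LINE_BUF];

    make_long_uidl(uidl, 4000);
    printf("precision-limited: %d bytes\n",
           format_uidl_precision(line, 42, uidl));
    printf("size-checked, long UIDL: %d\n",
           format_uidl_checked(line, sizeof line, 42, uidl));
    printf("size-checked, short UIDL: %d\n",
           format_uidl_checked(line, sizeof line, 42, "abc123"));
    return 0;
}
```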