Date: Tue, 20 Jan 2004 01:44:51 +0800 (MYT)
From: Dinesh Nair
To: Anton Alin-Adrian
In-Reply-To: <400BD1D3.10201@reversedhell.net>
Message-ID: <20040120014314.S312-100000@prophet.alphaque.com>
cc: freebsd-hackers@freebsd.org
Subject: Re: qmail remote root patch

On Mon, 19 Jan 2004, Anton Alin-Adrian wrote:

> > Regarding latest qmail vulnerability, I coded this quick patch.
> > Please double-check me if I am wrong here. Forward this to
> > freebsd-security please.
> >320c320
> >< ++pos;
> >---
> >
> >
> >> if (pos>9) ++pos;
> http://www.guninski.com/qmailcrash.html

wouldn't it be better to switch pos from an int to a u_int ? or do
specific bounds checking before incrementing pos ?

this patch seems to _only_ increment pos if it's > 9, and reading the code
will show you where you're going to get into some problems. :)

Regards,                           /\_/\   "All dogs go to heaven."
dinesh@alphaque.com                (0 0)    http://www.alphaque.com/
+==========================----oOO--(_)--OOo----==========================+
| for a in past present future; do                                        |
|   for b in clients employers associates relatives neighbours pets; do   |
|   echo "The opinions here in no way reflect the opinions of my $a $b."  |
| done; done                                                              |
+=========================================================================+
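
Review bot: The guard on the replacement line, `if (pos>9) ++pos;`, looks inverted: it lets pos advance only once it is already above 9, so a pos at or below 9 never moves, and a pos above 9 still increments with no upper limit. If the aim is to stop pos from growing without bound, cap it with an upper-bound test (for example `if (pos < LIMIT) ++pos;`, where LIMIT is a placeholder for whatever bound the surrounding code needs) and add a comment saying why that cap is safe. The hunk is also a context-free `320c320` diff with no file name; a unified diff against the named source file would let reviewers see how pos is declared and used around line 320.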