From owner-freebsd-security  Sun May  7 21:58:52 2000
Delivered-To: freebsd-security@freebsd.org
Received: from rover.village.org (rover.village.org [204.144.255.49])
	by hub.freebsd.org (Postfix) with ESMTP
	id 340BD37BC14; Sun,  7 May 2000 21:58:48 -0700 (PDT)
	(envelope-from imp@harmony.village.org)
Received: from harmony.village.org (harmony.village.org [10.0.0.6])
	by rover.village.org (8.9.3/8.9.3) with ESMTP id WAA42850;
	Sun, 7 May 2000 22:58:47 -0600 (MDT)
	(envelope-from imp@harmony.village.org)
Received: from harmony.village.org (localhost.village.org [127.0.0.1]) by harmony.village.org (8.9.3/8.8.3) with ESMTP id WAA75704; Sun, 7 May 2000 22:58:34 -0600 (MDT)
Message-Id: <200005080458.WAA75704@harmony.village.org>
To: Adrian Penisoara <ady@warpnet.ro>
Subject: Re: port update: mail/imap-uw from 4.7c1 to 4.7c2 
Cc: Kris Kennaway <kris@FreeBSD.org>, security-officer@FreeBSD.org,
	freebsd-security@FreeBSD.org
In-reply-to: Your message of "Sun, 07 May 2000 11:29:27 +0300."
		<Pine.BSF.4.10.10005071113350.11460-100000@ady.warpnet.ro> 
References: <Pine.BSF.4.10.10005071113350.11460-100000@ady.warpnet.ro>  
Date: Sun, 07 May 2000 22:58:33 -0600
From: Warner Losh <imp@village.org>
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

In message <Pine.BSF.4.10.10005071113350.11460-100000@ady.warpnet.ro> Adrian Penisoara writes:
: +  if (!name || !*name || (*name == '{') || (strlen (name) > NETMAXMBX))

This one troubles me most.  If name has already exceeded its buffer,
then you may already be hosed.  Actually, that might not be the whole
story and this check is good (w/o looking at the source I don't
know).

Warner


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message