Date:      Sun, 31 Mar 2002 00:20:28 -0800 (PST)
From:      Mario Sergio Fujikawa Ferreira <lioux@FreeBSD.org>
To:        cvs-committers@FreeBSD.org, cvs-all@FreeBSD.org
Subject:   cvs commit: ports/mail/qpopper Makefile ports/mail/qpopper/files patch-popper::popper.c
Message-ID:  <200203310820.g2V8KSX27932@freefall.freebsd.org>

lioux       2002/03/31 00:20:28 PST

  Modified files:
    mail/qpopper         Makefile 
  Added files:
    mail/qpopper/files   patch-popper::popper.c 
  Log:
  Fix following security issue: "If a string of longer than approximately
  2048 characters is sent to the qpopper process, a denial of service
  condition will occur"
  
  Actually, this is caused by an incorrect assumption. qpopper uses
  the same buffer over and over when communicating. However, it never
  makes sure that the buffer has been updated if something goes wrong.
  Therefore, one can try to add to this buffer over and over; thus,
  consuming available resources.
  
  Solution, do not follow unofficial patch available in bugtraq mailing
  list since losing pointer references is not an option. Otherwise,
  change the way both getline and tgetline functions work. Just so
  that they resemble read(2) return codes as follows:
  
  1) if < 0 problem
  2) if >= 0 user typed something (enter without anything else is
     something)
  
  First patch sent by Isao SEKI <iseki@gongon.com>
  
  PR:             36326
  Prompted by:    Alessandro de Manzano <ale@unixmania.net>,
                  Isao SEKI <iseki@gongon.com>
  Reviewed by:    eivind,
                  Alessandro de Manzano <ale@unixmania.net>,
                  David Rufino <dr@soniq.net>,
                  Isao SEKI <iseki@gongon.com>
  
  Revision  Changes    Path
  1.64      +1 -1      ports/mail/qpopper/Makefile
  1.1       +116 -0    ports/mail/qpopper/files/patch-popper::popper.c (new)
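
The return convention described in the log, as an added sketch that is not the port's patch-popper::popper.c and not qpopper's getline/tgetline: `read_line` and `LINE_CAP` are hypothetical names, and draining an overlong line up to its newline is an assumption of this sketch. The buffer is cleared on every call, so a failed read leaves nothing for the next one to append to.

```c
#include <stdio.h>
#include <string.h>
#include <sys/types.h>

#define LINE_CAP 2048  /* assumed cap for this sketch */

/* read_line (hypothetical name): read(2)-style result for one input line.
 *   < 0  problem: EOF or error before a newline, or line too long for buf
 *   >= 0 length of the line; 0 means the user pressed Enter and nothing else
 * buf is cleared on entry and on every failure, so a call that goes wrong
 * never leaves data behind for the next call to build on. */
ssize_t read_line(FILE *in, char *buf, size_t cap)
{
    size_t n = 0;
    int c, too_long = 0;

    if (cap == 0)
        return -1;
    buf[0] = '\0';
    while ((c = fgetc(in)) != EOF) {
        if (c == '\n') {
            if (too_long) {            /* drained to the newline: stream stays in sync */
                buf[0] = '\0';
                return -1;
            }
            if (n > 0 && buf[n - 1] == '\r')
                n--;                   /* accept CRLF as well as LF */
            buf[n] = '\0';
            return (ssize_t)n;
        }
        if (n + 1 < cap)
            buf[n++] = (char)c;
        else
            too_long = 1;              /* stop storing, keep consuming */
    }
    buf[0] = '\0';
    return -1;
}

int main(void)
{
    char buf[LINE_CAP];
    ssize_t r;

    /* Constructed usage: the caller branches on the sign only. */
    while ((r = read_line(stdin, buf, sizeof buf)) >= 0)
        printf("%ld bytes: \"%s\"\n", (long)r, buf);
    return 0;
}
```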
