Date: Mon, 13 May 1996 16:01:31 -0500 (CDT) From: Tony Kimball <alk@Think.COM> To: FreeBSD-gnats-submit@freebsd.org Subject: ports/1200: popclient port Message-ID: <199605132101.QAA26577@compound.Think.COM> Resent-Message-ID: <199605132110.OAA23111@freefall.freebsd.org>
next in thread | raw e-mail | index | archive | help
>Number: 1200
>Category: ports
>Synopsis: pop3 requests may crash client
>Confidential: no
>Severity: non-critical
>Priority: medium
>Responsible: freebsd-bugs
>State: open
>Class: sw-bug
>Submitter-Id: current-users
>Arrival-Date: Mon May 13 14:10:02 PDT 1996
>Last-Modified:
>Originator: Tony Kimball
>Organization:
Dis
>Release: FreeBSD 2.2-CURRENT i386
>Environment:
any FreeBSD
>Description:
writing past the end of a stack buffer to append a newline
may cause catastrophic client failure.
>How-To-Repeat:
data-dependent. I cannot provide my spool file.
>Fix:
diff popclient-3.0b6/pop3.c ../popclient-3.0b6/pop3.c
586c586
< char buf [MSGBUFSIZE];
---
> char buf [MSGBUFSIZE+4];
589c589
< char fromBuf[MSGBUFSIZE];
---
> char fromBuf[MSGBUFSIZE+4];
612c612
< if (SockGets(socket,buf,sizeof(buf)) < 0)
---
> if (SockGets(socket,buf,MSGBUFSIZE) < 0)
>Audit-Trail:
>Unformatted:
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?199605132101.QAA26577>