Date: Wed, 27 Sep 2000 00:43:41 -0500 (CDT) From: Mike Silbersack <silby@silby.com> To: security@freebsd.org, ports@freebsd.org Subject: pine from: buffer overflow patch Message-ID: <Pine.BSF.4.21.0009270035470.51183-200000@achilles.silby.com>
next in thread | raw e-mail | index | archive | help
[-- Attachment #1 --] Hello, fellow pine 4 users. This patch should fix the pine from: overflow which was posted to bugtraq a few days ago. I'd appreciate it if others could test/review this patch so that we can get it put into the ports tree ASAP. (Presumably pine 3 should also be patched, but I'm not interested in touching it. Is anyone interested in removing the pine3 port?) Feedback is greatly appreciated, Mike "Silby" Silbersack [-- Attachment #2 --] *** pine/newmail.c.orig Mon Sep 25 15:07:01 2000 --- pine/newmail.c Tue Sep 26 15:34:24 2000 *************** *** 342,348 **** e->from->personal, NULL), ps_global->ttyo->screen_cols); else ! sprintf(from + ((number > 1L) ? 18 : 6), "%s%s%s", e->from->mailbox, e->from->host ? "@" : "", e->from->host ? e->from->host : ""); --- 342,349 ---- e->from->personal, NULL), ps_global->ttyo->screen_cols); else ! snprintf(from + ((number > 1L) ? 18 : 6), sizeof(from) - strlen(from), ! "%s%s%s", e->from->mailbox, e->from->host ? "@" : "", e->from->host ? e->from->host : "");
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.BSF.4.21.0009270035470.51183-200000>