Date:      Fri, 06 Dec 2002 01:14:33 +0100
From:      Dan Lukes <dan@obluda.cz>
To:        freebsd-isp@freebsd.org
Subject:   Re: Sendmail + Milter + Amavis-Milter
Message-ID:  <3DEFEBE9.4030203@obluda.cz>
In-Reply-To: <011b01c29bb8$e84096f0$92660ac8_ms.vianetworks.net.ar@ns.sol.net>
References:  <011b01c29bb8$e84096f0$92660ac8_ms.vianetworks.net.ar@ns.sol.net>

hnunez@vianetworks.com.ar wrote, On 12/04/02 18:16:

> Hi,
>
>  I would like to setup Sendmail + Milter-ng + Amavis with milter 
> interface.

...

> cc  -DAMAVISD_SOCKET=\"/var/run/amavis/milter.amavis\"
> -DRUNTIME_DIR=\"/var/spool/amavis\"
> -DPID_FILE=\"/var/run/amavis/amavis-milter.pid\"  -o
> amavis-milter amavis-milter.c  -L/usr/lib/libmilter/ -lmilter -lpthread

	Please note, the amavis-milter.c is poor quality code with several 
potential bugs and race conditions including but not limited to two 
buffer overflows (the remote exploitability is unknown) and unchecked 
string allocations (strdup) with potential NULL dereferencing.

	I sent the list of those bugs with a suggested patch to the author of 
the code, but got no response. Maybe I know no correct place to send the 
PR to ...


	I'm not sure if use of amavis-milter.c is a real security risk (in doubt 
we should answer "yes", of course), but I'm pretty sure it is 
untrustable quick-hack-only quality code ...

					Dan

-- 
Dan Lukes     tel: +420 2 21914205, fax: +420 2 21914206
root of  FIONet, KolejNET,  webmaster  of www.freebsd.cz
AKA: dan@obluda.cz, dan@freebsd.cz,dan@kolej.mff.cuni.cz


