Date: Fri, 06 Dec 2002 01:14:33 +0100
From: Dan Lukes <dan@obluda.cz>
To: freebsd-isp@freebsd.org
Subject: Re: Sendmail + Milter + Amavis-Milter
Message-ID: <3DEFEBE9.4030203@obluda.cz>
In-Reply-To: <011b01c29bb8$e84096f0$92660ac8_ms.vianetworks.net.ar@ns.sol.net>
References: <011b01c29bb8$e84096f0$92660ac8_ms.vianetworks.net.ar@ns.sol.net>

hnunez@vianetworks.com.ar wrote, On 12/04/02 18:16:
> Hi,
>
> I would like to setup Sendmail + Milter-ng + Amavis with milter
> interface.
...
> cc -DAMAVISD_SOCKET=\"/var/run/amavis/milter.amavis\"
> -DRUNTIME_DIR=\"/var/spool/amavis\"
> -DPID_FILE=\"/var/run/amavis/amavis-milter.pid\" -o
> amavis-milter amavis-milter.c -L/usr/lib/libmilter/ -lmilter -lpthread

Please note, the amavis-milter.c is poor quality code with several potential bugs and race conditions including but not limited to two buffer overflows (the remote exploitability is unknown) and unchecked string allocations (strdup) with potential NULL dereferencing.

I sent the list of those bugs with a suggested patch to the author of the code, but got no response. Maybe I know no correct place to send the PR to ...

I'm not sure if use of amavis-milter.c is a real security risk (in doubt we should answer "yes", of course), but I'm pretty sure it is untrustable quick-hack-only quality code ...

Dan

--
Dan Lukes tel: +420 2 21914205, fax: +420 2 21914206
root of FIONet, KolejNET, webmaster of www.freebsd.cz
AKA: dan@obluda.cz, dan@freebsd.cz, dan@kolej.mff.cuni.cz

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-isp" in the body of the message