Date: Sun, 07 May 2000 22:58:33 -0600 From: Warner Losh <imp@village.org> To: Adrian Penisoara <ady@warpnet.ro> Cc: Kris Kennaway <kris@FreeBSD.org>, security-officer@FreeBSD.org, freebsd-security@FreeBSD.org Subject: Re: port update: mail/imap-uw from 4.7c1 to 4.7c2 Message-ID: <200005080458.WAA75704@harmony.village.org> In-Reply-To: Your message of "Sun, 07 May 2000 11:29:27 %2B0300." <Pine.BSF.4.10.10005071113350.11460-100000@ady.warpnet.ro> References: <Pine.BSF.4.10.10005071113350.11460-100000@ady.warpnet.ro>
next in thread | previous in thread | raw e-mail | index | archive | help
In message <Pine.BSF.4.10.10005071113350.11460-100000@ady.warpnet.ro> Adrian Penisoara writes: : + if (!name || !*name || (*name == '{') || (strlen (name) > NETMAXMBX)) This one troubles me most. If name has already exceeded its buffer, then you may already be hosed. Actually, that might not be the whole story and this check is good (w/o looking at the source I don't know). Warner To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200005080458.WAA75704>