fetchmail-friends

Re: [fetchmail][PATCH] Security fix for buffer overflow on rfc822.c(nxtaddr)

2001-06-19 21:56:41
Henrique de Moraes Holschuh <hmh(_at_)debian(_dot_)org>:
On Tue, 12 Jun 2001, Henrique de Moraes Holschuh wrote:
Patch attached. Refers to Debian bug # 100394. This bug has been there
sleeping for a VERY long time... back to 5.5.3 at the very least (unless
some other code avoided calling nxtaddr in long headers back then... I
didn't check).

And of course, the code broke because of it. Please see #101530.

-#define HEADER_END(p)      ((p)[0] == '\n' && ((p)[1] != ' ' && (p)[1] != 
'\t'))
+#define HEADER_END(p)      ((p)[0] == '\n' && ((p)[1] != ' ' && (p)[1] != 
'\t' && (p)[1] != '\0'))
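Review bot: the `(p)[1] != '\0'` term added on the `+` line means a '\n' that sits directly before the terminating NUL is no longer reported as a header end, so any caller that uses HEADER_END to detect the last line of a header string will not see it terminate there. If the goal is to stop the scan from running past the end of the buffer, check for `(p)[1] == '\0'` as a separate condition in the loop that walks the header and leave HEADER_END's meaning as it was. The macro also evaluates `p` several times, so it should only be passed arguments without side effects; a short comment above the definition stating what counts as a header end (newline not followed by space or tab) would make the intended contract explicit.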

This needs to be backed out, or the multidrop code breaks. The rest of the
patch works.

Done.
-- 
                <a href="http://www.tuxedo.org/~esr/">Eric S. Raymond</a>

Courage is resistance of fear, mastery of fear, not absence of fear.

