On Tue, 12 Mar 2002, Jakob Hirsch wrote:
fetchmail: ESMTP CRAM-MD5 Authentication...
fetchmail: Challenge decoded:
<316(_dot_)242024192(_at_)smtp(_dot_)mailkeep(_dot_)net>
Segmentation fault (core dumped)
Ugh.
I just looked at the code in smtp.c. It is full of buffer overflows. SMTP
auth is, as currently implemented in 5.9.10, a dangerous beast at best.
There is probably a remote buffer exploit in there.
I am fixing all the braindead usage of from64tobits without any safety
checks, as well as other bugs... BUT I can't test it very well.
Expect an untested patch shortly. It may not fix this segfault bug, but who
knows...
--
"One disk to rule them all, One disk to find them. One disk to bring
them all and in the darkness grind them. In the Land of Redmond
where the shadows lie." -- The Silicon Valley Tarot
Henrique Holschuh