Nalin Dahyabhai <nalin(_at_)redhat(_dot_)com>:
> On Sun, Mar 10, 2002 at 07:02:29PM -0500, Eric S. Raymond wrote:
> > fetchmail-5.9.10 (Sun Mar 10 15:09:57 EST 2002), 21529 lines:
> > * Security fix: don't trust the message count passed back by the server.
>
> While testing, we seem to have discovered a similar bug which allows a
> malicious server to crash 5.9.10 on 64-bit boxes (or on systems where
> sizeof(size_t) != sizeof(int), which is the case on the 64-bit boxes we
> have here). I'm attaching our candidate patch. Comments?

Looks good. Taken.
--
<a href="http://www.tuxedo.org/~esr/">Eric S. Raymond</a>