On Tue, 11 Aug 1998, D.A. Harris wrote:
> Maybe the point of the note I saw was that there are numerous strcpy,
> strcmp, and strcat's that exist in procmail's source, which might need
> conversion to strncpy, etc, etc., so as to minimize potential future
> buffer overflows.
Yes, that was the point. Procmail itself hasn't been audited for buffer
overflows, therefore *may* be vulnerable.
Is anybody here familiar with the source and willing to take a shot at
auditing it? I've heard that the source code is difficult to work with.
--
John Hardin KA7OHZ
jhardin(_at_)wolfenet(_dot_)com
pgpk -a finger://gonzo.wolfenet.com/jhardin PGP key ID: 0x41EA94F5
PGP key fingerprint: A3 0C 5B C2 EF 0D 2C E5 E9 BF C8 33 A7 A9 CE 76
-----------------------------------------------------------------------
Your mouse has moved. Windows NT must be restarted for the change
to take effect. Reboot now? [ OK ]
-----------------------------------------------------------------------
74 days until Daylight Savings Time ends
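
An added example, not part of the original message and not procmail code: the strcpy-to-strncpy conversion discussed above has a catch an auditor should check for, namely that strncpy() leaves the destination without a terminating NUL when the source fills the buffer. The helper names bounded_copy, bounded_cat and strncpy_left_unterminated, and the sample strings, are hypothetical and constructed for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical helper: copy src into dst (dstsize bytes), always
 * NUL-terminating. Returns 0 on success, -1 if src was truncated. */
int bounded_copy(char *dst, size_t dstsize, const char *src)
{
    size_t len = strlen(src);

    if (dstsize == 0)
        return -1;                    /* no room even for the NUL */
    if (len >= dstsize) {
        memcpy(dst, src, dstsize - 1);
        dst[dstsize - 1] = '\0';
        return -1;                    /* caller must handle truncation */
    }
    memcpy(dst, src, len + 1);        /* includes the terminator */
    return 0;
}

/* Hypothetical helper: append src to dst. The bound is the total size
 * of dst, not the remaining space, which avoids a common strncat slip. */
int bounded_cat(char *dst, size_t dstsize, const char *src)
{
    char *end = memchr(dst, '\0', dstsize);

    if (end == NULL)
        return -1;                    /* dst not terminated in bounds */
    return bounded_copy(end, dstsize - (size_t)(end - dst), src);
}

/* Returns 1 when a plain strncpy() leaves an 8-byte buffer unterminated. */
int strncpy_left_unterminated(const char *src)
{
    char buf[8];

    memset(buf, 'X', sizeof buf);
    strncpy(buf, src, sizeof buf);
    return memchr(buf, '\0', sizeof buf) == NULL;
}

int main(void)
{
    char folder[16];
    const char *value = "constructed-value-longer-than-16"; /* sample input */

    printf("strncpy unterminated: %d\n", strncpy_left_unterminated(value));
    printf("copy rc=%d\n", bounded_copy(folder, sizeof folder, "inbox"));
    printf("cat  rc=%d\n", bounded_cat(folder, sizeof folder, value));
    printf("folder=\"%s\"\n", folder);
    return 0;
}
```

A -1 return marks truncation, so an audit can tell a safely clipped string from one that silently overran or lost its terminator.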