procmail

Re: MIME bugs

1998-08-12 12:20:19
On 12 August 1998, John D. Hardin <jhardin(_at_)wolfenet(_dot_)com> wrote:
On Tue, 11 Aug 1998, D.A. Harris wrote:

Maybe the point of the note I saw was that there are numerous
strcpy, strcmp, and strcat's that exist in procmail's source, which
might need conversion to strncpy, etc, etc., so as to minimize
potential future buffer overflows.

Yes, that was the point. Procmail itself hasn't been audited for
buffer overflows, therefore *may* be vulnerable.

Is anybody here familiar with the source and willing to take a shot
at auditing it? I've heard that the source code is difficult to work
with.

    Take a look at the sources sometime when you're in the mood for a
good laugh. :-)  I'm actually surprised that so many people have been
using Procmail for so long, and nobody bothered to start a project for a
mail filter on a sane basis yet.  By that I mean a "real" replacement for
procmail, not a toy like Maildrop.

    Regards,

    Liviu

-- 
Dr. Liviu Daia                   e-mail:   daia(_at_)stoilow(_dot_)imar(_dot_)ro
Institute of Mathematics         web page: http://www.imar.ro/~daia
of the Romanian Academy          PGP key:  finger daia(_at_)stoilow(_dot_)imar(_dot_)ro
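
Added example, not part of the thread and not taken from procmail's source: the strcpy-to-strncpy conversion discussed above is not safe when done mechanically, because strncpy leaves the destination unterminated when the source fills it. The helper names (bounded_copy, bounded_append, unterminated_after_strncpy) and the sample strings are hypothetical, constructed for illustration.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Copy src into dst (capacity dstsz). Always NUL-terminates when dstsz > 0.
 * Returns 0 if src fit, -1 if it was truncated or dstsz is 0. */
int bounded_copy(char *dst, size_t dstsz, const char *src)
{
    size_t n;
    if (dstsz == 0)
        return -1;
    n = strlen(src);
    if (n >= dstsz) {                 /* does not fit: truncate, terminate, report */
        memcpy(dst, src, dstsz - 1);
        dst[dstsz - 1] = '\0';
        return -1;
    }
    memcpy(dst, src, n + 1);          /* fits, including the terminator */
    return 0;
}

/* Append src to the string already in dst; same contract as bounded_copy.
 * Unlike strncat, the size argument is the full capacity of dst. */
int bounded_append(char *dst, size_t dstsz, const char *src)
{
    const char *end = memchr(dst, '\0', dstsz);
    if (end == NULL)                  /* dst is not terminated inside its buffer */
        return -1;
    return bounded_copy(dst + (end - dst), dstsz - (size_t)(end - dst), src);
}

/* The mechanical conversion: returns 1 if strncpy left dst without a NUL. */
int unterminated_after_strncpy(char *dst, size_t dstsz, const char *src)
{
    strncpy(dst, src, dstsz);
    return memchr(dst, '\0', dstsz) == NULL;
}

int main(void)
{
    char buf[8];
    const char *sample = "constructed-long-header"; /* constructed sample input */
    printf("strncpy unterminated: %d\n",
           unterminated_after_strncpy(buf, sizeof buf, sample));
    printf("bounded_copy rc: %d, buf: \"%s\"\n",
           bounded_copy(buf, sizeof buf, sample), buf);
    return 0;
}
```

The return value matters during an audit: silent truncation of a path or address can itself change program behaviour, so callers should check it rather than ignore it.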
