spf-discuss

Re: Qmail integer overflow in 1.03/1.04 - PATCH RELEASED

2004-01-15 20:23:52
On 04-01-15, at 20:36, James Couzens wrote:
James Craig Burley <craig(_at_)jcb-sc(_dot_)com>'s patch is attached to this
message, and is also available for download from libspf.org.  I have
tested this patch against the published exploit code and it's solid.

http://libspf.org/files/qmail-1.03.integer.overflow.patch

The patch looks bogus to me:
*** 317,322 ****
          if (pos < 2) if (ch != "\r\n"[pos]) flagmaybey = 0;
          if (flagmaybey) if (pos == 1) flaginheader = 0;
        }
-       ++pos;
if (ch == '\n') { pos = 0; flagmaybex = flagmaybey = flagmaybez = 1; }
      }
--- 317,322 ----
          if (pos < 2) if (ch != "\r\n"[pos]) flagmaybey = 0;
          if (flagmaybey) if (pos == 1) flaginheader = 0;
+       ++pos;
        }
if (ch == '\n') { pos = 0; flagmaybex = flagmaybey = flagmaybez = 1; }
      }
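
Review bot: moving ++pos; above the closing brace of the preceding block makes the increment depend on that block's guard, which lies outside the three context lines shown, so the hunk alone does not show when pos is still counted or why it is now bounded. Please widen the context to include the enclosing condition and the declaration of pos, and add a comment saying why the counter can no longer grow without limit on a long run of input that never reaches the ch == '\n' reset. The read "\r\n"[pos] is guarded only by pos < 2 with no lower bound, so an explicit pos >= 0 test or an unsigned counter would keep that access in range however pos is counted. The hunk also has no file header, so the file it applies to has to be taken from the full patch at the URL above.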

GFK's
--
Guillaume Filion, ing. jr
Logidac Tech., Beaumont, Québec, Canada - http://logidac.com/
PGP Key and more: http://guillaume.filion.org/
