Le 04-01-15, à 20:36, James Couzens a écrit :
James Craig Burley <craig(_at_)jcb-sc(_dot_)com>'s patch is attached to this
message, and is also available for download from libspf.org. I have
tested this patch against the published exploit code and its solid.
http://libspf.org/files/qmail-1.03.integer.overflow.patch
The patch looks bogus to me:
*** 317,322 ****
if (pos < 2) if (ch != "\r\n"[pos]) flagmaybey = 0;
if (flagmaybey) if (pos == 1) flaginheader = 0;
}
- ++pos;
if (ch == '\n') { pos = 0; flagmaybex = flagmaybey = flagmaybez
= 1; }
}
--- 317,322 ----
if (pos < 2) if (ch != "\r\n"[pos]) flagmaybey = 0;
if (flagmaybey) if (pos == 1) flaginheader = 0;
+ ++pos;
}
if (ch == '\n') { pos = 0; flagmaybex = flagmaybey = flagmaybez
= 1; }
}
GFK's
--
Guillaume Filion, ing. jr
Logidac Tech., Beaumont, Québec, Canada - http://logidac.com/
PGP Key and more: http://guillaume.filion.org/
-------
Sender Permitted From: http://spf.pobox.com/
Archives at http://archives.listbox.com/spf-discuss/current/
Latest draft at http://spf.pobox.com/draft-mengwong-spf-02.9.4.txt
To unsubscribe, change your address, or temporarily deactivate your subscription,
please go to http://v2.listbox.com/member/?listname(_at_)½§Åv¼ð¦¾Øß´ëù1Ií-»Fqx(_dot_)com