On Sat, 2004-02-07 at 09:39, Gregory Neil Shapiro wrote:
> 5. There are remotely exploitable buffer overflows in the code. One
> such example is SPF_smtp_helo() which is given the HELO arg provided
> by the connecting site. dbg_print() is called with that argument
> which is mapped to _printf_dbg(). _printf_dbg() uses vsprintf()
> into a fixed size string. All an attacker needs to do is provide a
> sufficiently long HELO argument.
This point is moot, as only a complete idiot would run libspf compiled
with debugging code in a production server. And even if they were, a
simple change to using vsnprintf is sufficient. Surprised to see you
raise such a non-issue, further compromised by the fact that the current
sendmail patch is not even current with the API, as has been stated in
the last several releases, and is awaiting being updated to match.
> As mentioned above, I encourage you to create a Milter instead of
> patching sendmail directly. You'll get a much larger adoption rate.
I propose doing both. Having never written a Milter before, I provide
the community with a patch against sendmail. Should I get time to learn
how to write a Milter, perhaps I shall, or perhaps someone with some
Milter experience could handle this?
Cheers,
James
--
James Couzens,
Programmer
Current projects:
http://libspf.org
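To make the vsprintf()/vsnprintf() point above concrete, here is a small added example (written for this archive, not code from libspf or the sendmail patch). It puts the unbounded pattern the report describes next to a bounded replacement whose return value tells the caller whether the debug line was truncated. The buffer size, the function names and the HELO format string are assumptions chosen for the illustration; the 'A'-filled HELO argument is constructed input.

```c
#include <stdarg.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Assumed fixed-size debug buffer, standing in for the one in _printf_dbg(). */
#define DBG_BUF_SIZE 64

/* The "before" pattern from the report: vsprintf() writes an unbounded amount
   into a fixed stack buffer, so any argument longer than the buffer overruns it.
   Kept only for comparison; nothing below calls it. */
void dbg_print_unbounded(const char *fmt, ...)
{
    char buf[DBG_BUF_SIZE];
    va_list ap;
    va_start(ap, fmt);
    vsprintf(buf, fmt, ap);          /* no length limit: the defect */
    va_end(ap);
    fputs(buf, stderr);
}

/* Bounded formatter. vsnprintf() never writes more than size bytes and always
   NUL-terminates (for size > 0). Returns 1 if the whole message fit, 0 if it
   was truncated, -1 on a formatting error. */
static int dbg_format(char *buf, size_t size, const char *fmt, ...)
{
    va_list ap;
    va_start(ap, fmt);
    int needed = vsnprintf(buf, size, fmt, ap);
    va_end(ap);
    if (needed < 0) {
        if (size) buf[0] = '\0';
        return -1;
    }
    /* vsnprintf reports the length the full message would have needed. */
    return (size_t)needed < size ? 1 : 0;
}

/* Stand-in for dbg_print() being handed the HELO argument: formats it into
   the bounded buffer and reports whether it fit. */
int debug_helo(const char *helo)
{
    char buf[DBG_BUF_SIZE];
    int fit = dbg_format(buf, sizeof buf, "SPF_smtp_helo: HELO %s\n", helo);
    fputs(buf, stderr);
    return fit;
}

/* Demonstration helper: build a HELO argument of n 'A' characters
   (constructed input) and pass it through debug_helo(). */
int debug_helo_of_length(size_t n)
{
    char *helo = malloc(n + 1);
    if (!helo) return -1;
    memset(helo, 'A', n);
    helo[n] = '\0';
    int fit = debug_helo(helo);
    free(helo);
    return fit;
}

/* Length of the debug line actually stored for an n-character HELO, so a
   caller can confirm it never exceeds DBG_BUF_SIZE - 1 regardless of n. */
size_t debug_line_length(size_t n)
{
    char *helo = malloc(n + 1);
    if (!helo) return 0;
    memset(helo, 'A', n);
    helo[n] = '\0';
    char buf[DBG_BUF_SIZE];
    dbg_format(buf, sizeof buf, "SPF_smtp_helo: HELO %s\n", helo);
    free(helo);
    return strlen(buf);
}

int main(void)
{
    printf("short HELO fit: %d\n", debug_helo("example.org"));
    printf("500-char HELO fit: %d, stored length: %zu\n",
           debug_helo_of_length(500), debug_line_length(500));
    return 0;
}
```

The return value matters as much as the bounded write: a debug line that is silently cut off can hide exactly the oversized input an operator would want to see, so callers that care can log the truncation separately.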
-------
Sender Permitted From: http://spf.pobox.com/
Archives at http://archives.listbox.com/spf-discuss/current/
Latest draft at http://spf.pobox.com/draft-mengwong-spf-02.9.5.txt
Wiki: http://spfwiki.infinitepenguins.net/pmwiki.php/SenderPermittedFrom/