spf-discuss

Re: SPF in MTAs

2004-02-07 15:48:56
On Sat, 2004-02-07 at 09:39, Gregory Neil Shapiro wrote:
> 5. There are remotely exploitable buffer overflows in the code.  One
>    such example is SPF_smtp_helo() which is given the HELO arg provided
>    by the connecting site. dbg_print() is called with that argument
>    which is mapped to _printf_dbg(). _printf_dbg() uses vsprintf()
>    into a fixed size string.  All an attacker needs to do is provide a
>    sufficiently long HELO argument.

This point is moot, as only a complete idiot would run libspf compiled
with debugging code in a production server.  And even if they were, a
simple change to using vsnprintf is sufficient.  Surprised to see you
raise such a non-issue, further compromised by the fact that the current
sendmail patch is not even current with the API, as has been stated in
the last several releases, and is awaiting being updated to match.

> As mentioned above, I encourage you to create a Milter instead of
> patching sendmail directly.  You'll get a much larger adoption rate.

I propose doing both.  Having never written a Milter before, I provide
the community with a patch against sendmail.  Should I get time to learn
how to write a Milter, perhaps I shall, or perhaps someone with some
Milter experience could handle this?

Cheers,

James
 
-- 
James Couzens,
Programmer

Current projects:
http://libspf.org
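The overflow described in the quoted point (an unbounded vsprintf() into a fixed-size buffer, fed by the connection-supplied HELO argument) and the vsnprintf fix James refers to, as an added example that is not libspf's code or the sendmail patch. The buffer size DBG_BUF_SIZE and the function names printf_dbg_unsafe, printf_dbg_safe and spf_helo_debug are assumptions for illustration; the real _printf_dbg() and SPF_smtp_helo() are not on the page. The hardened version also shows the check a reviewer would want: vsnprintf() returns the length the message would have needed, so a caller can detect that the HELO was truncated rather than silently losing data.

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical fixed-size debug buffer; libspf's real size is not on the page. */
#define DBG_BUF_SIZE 64

/* Vulnerable shape as described in the thread: vsprintf() writes into a
   fixed buffer with no bound, so a HELO longer than the buffer overruns
   the stack. Kept here only for side-by-side comparison; it is never
   called in this example. */
void printf_dbg_unsafe(const char *fmt, ...)
{
    char buf[DBG_BUF_SIZE];
    va_list ap;
    va_start(ap, fmt);
    vsprintf(buf, fmt, ap);   /* no length bound: this is the defect */
    va_end(ap);
    fputs(buf, stderr);
}

/* Hardened version: vsnprintf() never writes more than out_size bytes
   (including the terminating NUL). Returns 1 if the message did not fit
   and was truncated, 0 if it fit, -1 on a formatting error. */
int printf_dbg_safe(char *out, size_t out_size, const char *fmt, ...)
{
    va_list ap;
    int needed;
    va_start(ap, fmt);
    needed = vsnprintf(out, out_size, fmt, ap);
    va_end(ap);
    if (needed < 0) {
        out[0] = '\0';
        return -1;
    }
    /* vsnprintf reports the full length it wanted; >= out_size means
       the tail was dropped, which the caller may want to log. */
    return (size_t)needed >= out_size ? 1 : 0;
}

/* Model of the SPF_smtp_helo() debug call: the HELO string comes from the
   remote site, so it is passed as a %s argument, never as the format. */
int spf_helo_debug(const char *helo, char *out, size_t out_size)
{
    return printf_dbg_safe(out, out_size, "HELO: %s", helo);
}

int main(void)
{
    char buf[DBG_BUF_SIZE];
    char long_helo[200];            /* constructed oversized HELO */
    memset(long_helo, 'A', sizeof long_helo - 1);
    long_helo[sizeof long_helo - 1] = '\0';

    printf("short HELO truncated=%d -> %s\n",
           spf_helo_debug("mail.example.com", buf, sizeof buf), buf);
    printf("long HELO truncated=%d, stored length=%zu\n",
           spf_helo_debug(long_helo, buf, sizeof buf), strlen(buf));
    return 0;
}
```

The point of the return value is that switching vsprintf for vsnprintf removes the memory-safety bug but not the information loss: a debug line built from an oversized HELO is silently cut at DBG_BUF_SIZE - 1 characters, so anything that reads these lines (log review, detection rules) should treat a truncation flag as a signal in its own right.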

-------
Sender Permitted From: http://spf.pobox.com/
Archives at http://archives.listbox.com/spf-discuss/current/
Latest draft at http://spf.pobox.com/draft-mengwong-spf-02.9.5.txt
Wiki: http://spfwiki.infinitepenguins.net/pmwiki.php/SenderPermittedFrom/
