
Re: QPOPPER problem....



Hi there

Here is the proper join of Miquel van Smoorenburg and Roy Hooper
security patches applied to qpopper 2.4.

As I maintain the rpm version of the pammified qpopper, you can grab everything
from ftp://ftp.openline.com.br/mirror/contrib/qpopper-2.4-2.src.rpm

!3runo

diff -uNr qpopper2.4-orig/pop_dropcopy.c qpopper2.4/pop_dropcopy.c
--- qpopper2.4-orig/pop_dropcopy.c	Fri Sep 12 17:23:02 1997
+++ qpopper2.4/pop_dropcopy.c	Sat Jun 27 14:41:01 1998
@@ -457,6 +457,9 @@
 		    } else
 			cp = "";
 
+                   /* Make UIDL not longer then 128 chars, we use it
+                      in sprintf() later on */
+                   if (strlen(cp) >= 128) cp[127] = 0; 
 		    mp->uidl_str = (char *)strdup(cp);
 		    mp->length += nchar + 1;
 		    p->drop_size += nchar + 1;
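Review bot: The cap in `if (strlen(cp) >= 128) cp[127] = 0;` is a bare number whose safety depends on the size of the sprintf() destination the comment refers to, which is outside this hunk; if that buffer also holds other fields, 127 bytes of UIDL may still be too many. I would name the limit and share it with the consumer (for example a `MAX_UIDL_LEN` define, name suggested here), and bound the later sprintf() itself rather than relying only on truncation at this point. The context line that follows stores the strdup() result without a NULL check, which is worth handling while this code is being touched. The comment should read "longer than"; the enclosing block starts and ends outside the hunk.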
diff -uNr qpopper2.4-orig/pop_log.c qpopper2.4/pop_log.c
--- qpopper2.4-orig/pop_log.c	Thu Sep 11 21:21:21 1997
+++ qpopper2.4/pop_log.c	Sat Jun 27 14:41:57 1998
@@ -47,7 +47,7 @@
 #endif
 
 #ifdef HAVE_VPRINTF
-        vsprintf(msgbuf,format,ap);
+        vsnprintf(msgbuf,sizeof(msgbuf),format,ap);
 #else
 # ifdef PYRAMID
         (void)sprintf(msgbuf,format, arg1, arg2, arg3, arg4, arg5, arg6);
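Review bot: Only the `HAVE_VPRINTF` branch is bounded; the `PYRAMID` fallback on the last line of this hunk still calls `sprintf(msgbuf,format, arg1, ...)` with no length limit, so builds that take that path keep the overflow this patch closes. The same holds for the `sprintf(mp,format, ...)` fallback in the pop_msg.c hunk. Where snprintf() is available the fallback could become `(void)snprintf(msgbuf, sizeof(msgbuf), format, arg1, arg2, arg3, arg4, arg5, arg6);`. `HAVE_VPRINTF` also does not by itself establish that vsnprintf() exists on the platform, so a separate configure check would be safer than reusing that macro. The rest of the `#ifdef` chain and the function body are outside the hunk.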
@@ -67,6 +67,8 @@
         (void)fflush(p->trace);
     }
     else {
+        /* Protect syslog from too long messages */
+        if (strlen(msgbuf) >= 512) msgbuf[511] = 0; 
         syslog (stat,"%s",msgbuf);
     }
 
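Review bot: The truncation `if (strlen(msgbuf) >= 512) msgbuf[511] = 0;` uses a literal unrelated to `sizeof(msgbuf)` and modifies the buffer in place. A precision in the format gives the same limit without either, `syslog (stat,"%.511s",msgbuf);`. If the separate statement stays, the comment should say where 512 comes from, since nothing visible in the hunk explains it.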
diff -uNr qpopper2.4-orig/pop_msg.c qpopper2.4/pop_msg.c
--- qpopper2.4-orig/pop_msg.c	Thu Sep 11 21:21:41 1997
+++ qpopper2.4/pop_msg.c	Sat Jun 27 14:42:42 1998
@@ -63,7 +63,7 @@
     /*  Append the message (formatted, if necessary) */
     if (format) 
 #ifdef HAVE_VPRINTF
-        vsprintf(mp,format,ap);
+        vsnprintf(mp,sizeof(message) - strlen(mp) -1,format,ap);
 #else
 # ifdef PYRAMID
         (void)sprintf(mp,format, arg1, arg2, arg3, arg4, arg5, arg6);
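Review bot: The size passed in `vsnprintf(mp,sizeof(message) - strlen(mp) -1,format,ap)` does not measure the space left after `mp`. If `mp` is a cursor into `message` positioned where the text is appended, as the comment above it suggests, `strlen(mp)` counts whatever bytes sit at the append point (possibly uninitialised) rather than the prefix already written, so the bound can exceed the room that remains. The remaining space is the pointer difference, `vsnprintf(mp, sizeof(message) - (size_t)(mp - message), format, ap);`, less anything the code after this hunk still appends. The declarations of `mp` and `message` are outside the hunk, so this should be confirmed against them.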


