Date: Sun, 28 Jun 1998 01:41:57 -0700 From: "Jordan K. Hubbard" <jkh@time.cdrom.com> To: Igor Roshchin <igor@physics.uiuc.edu> Cc: freebsd-security@FreeBSD.ORG, igor@alecto.physics.uiuc.edu (Igor Roshchin) Subject: Re: (FWD) QPOPPER REMOTE ROOT EXPLOIT Message-ID: <4071.899023317@time.cdrom.com> In-Reply-To: Your message of "Sat, 27 Jun 1998 19:23:54 CDT." <199806280023.TAA04462@alecto.physics.uiuc.edu>
next in thread | previous in thread | raw e-mail | index | archive | help
> I've just downloaded "popper" directory from > ftp://ftp.freebsd.org/.25/FreeBSD/FreeBSD-current/ports/mail > It is still missing patch for the "UIDL" problem > (pop_dropcopy.c) > > Several people had suggestion looking like: > if (strlen(cp) >= 128) cp[127] = 0; I don't see the sense of this. If you look at the code, the length of this string is always known and the test suggested above would accomplish *nothing*. - Jordan To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?4071.899023317>