> Package: imap
> Version: 4.7c-1
> Severity: important
>
> On Thu 31 Aug 2000, Paul Slootman wrote:
>
> > Yuck. Smells like a serious buffer overflow somewhere.
>
> Upon a quick glance, there indeed appears to be no checks at all
> for buffer overflows. A buf of 8k is allocated into which the
> From:, Status:, X-Status, and X-Keywords: headers are placed,
> with simple
>
>     sprintf (buf + strlen (buf),"...
>
> commands. So having extremely long X-Keywords in mail messages
> will screw things up. Double yuck.
>
> This is in imap-4.7c/src/osdep/unix/unix.c BTW.
>
> See the original message and the accompanying thread in debian-devel,
> archive/latest/67244 , Message-ID <[EMAIL PROTECTED]> from
> Cristian Ionescu-Idbohrn <[EMAIL PROTECTED]>

This definitely needs to be passed upstream... My mailbox was screwed up as well, and I get my mail from a Solaris box, not a Debian one.

>
> Paul Slootman
> --
> home: [EMAIL PROTECTED] http://www.wurtel.demon.nl/
> work: [EMAIL PROTECTED] http://www.murphy.nl/
> debian: [EMAIL PROTECTED] http://www.debian.org/
> isdn4linux: [EMAIL PROTECTED] http://www.isdn4linux.de/

--
Buddha Buck [EMAIL PROTECTED]
"Just as the strength of the Internet is chaos, so the strength of our liberty depends upon the chaos and cacophony of the unfettered speech the First Amendment protects." -- A.L.A. v. U.S. Dept. of Justice