In regard to: Re: [Imap-uw] Possible buffer overflow in mailutil, Bjoern...:
Mark Crispin wrote:
Thank you for reporting this.
This is only an issue in glibc2 on some Linux systems. In other C
libraries, the data returned by getpass() is limited to PASS_MAX. The
author of glibc2 apparently thought that it would help his ideology to
abolish the use of such functions by making glibc2's getpass() return
a limitless string.
Yes, but Linux and Glibc2 are important. I also found that getpass()
works different on different systems. On Solaris 10 getpass() only
returns at most 8 characters! So getpass() seems to be an unusable
function on Solaris 10, but this is another aspect of the problem.
Until the late 90s, most UNIX systems only supported a maximum of 8
characters for the password (you could input more, but only the first 8
were significant). getpass() originated from those days, so it will
return a maximum of 8 characters.
On Solaris, there's a getpassword() function that will return more. The
8 character limit is gone on most modern systems.
Anyway, I think, the bug should be fixed for the next release of UW
Imap, Alpine etc. Who can do this? I can help with a patch and with some
testing it this is helpful.
UW laid off quite a few staff last year because of budget issues, and
IMAPd and alpine have been greatly impacted because of that. At the
time the layoffs were announced, it seemed that UW IMAP and Alpine
probably would no longer be maintained by UW. I don't know if that's
changed at all, but with Mark gone UW IMAP certainly isn't seeing the
kind of attention it had before.
Mark has his own fork of UW IMAP now. If an IMAP daemon compatible with
UW IMAPd is important to you and you have the budget, you might want to
consider that version. He's made a number of improvements to his version
that are not present in UW IMAPd.
Tim
--
Tim Mooney moo...@dogbert.cc.ndsu.nodak.edu
Enterprise Computing & Infrastructure 701-231-1076 (Voice)
Room 242-J6, IACC Building 701-231-8541 (Fax)
North Dakota State University, Fargo, ND 58105-5164
_______________________________________________
Imap-uw mailing list
Imap-uw@u.washington.edu
http://mailman2.u.washington.edu/mailman/listinfo/imap-uw
