On Sat, Mar 16, 2002 at 08:30:50AM -0500, Alan Brown wrote:
> I haven't seen this reported here

I've corresponded briefly with the author and tried to reproduce it.
I can't see the problem as described on any of my BSD/OS systems; e.g.,
when pasting a string of 2560 'a's at the initial prompt ('user'
command input state), qpopper reports a -ERR error message and, yes,
fails to exit promptly as it should, but unlike the problem description
it takes 0.0% CPU and terminates normally when the socket connection is
broken by disconnecting.

I think it must be an OS-dependent problem, though there clearly is a
bug there in its not cutting off the client promptly after the error.

-- Clifton

> ---------- Forwarded message ----------
> Date: 15 Mar 2002 01:51:10 -0000
> From: Dustin Childers <[EMAIL PROTECTED]>
> To: [EMAIL PROTECTED]
> Subject: Bug in QPopper (All Versions?)
>
>
> Description:
> When sending a string that has 2048+ characters in it, the
> in.qpopper or popper process will begin to use massive
> amounts of CPU and will not stop until it is manually killed.
>
> Versions Affected:
> I tested this on 4.0.1 and 4.0.3.
> 4.0.2 is probably vulnerable also.
> Older versions may also be vulnerable. I haven't tested those.
>
> This works locally and remotely.
>
> Patch Information:
> I attempted to patch this but I was not successful. I found
> that the most reasonable place for this would be the msg_buf
> in popper/main.c or msg_buf in password/poppassd.c.
>
> Dustin E. Childers
> Security Administrator
> http://www.digitux.net/
--
Clifton Royston -- LavaNet Systems Architect -- [EMAIL PROTECTED]
WWJD? "JWRTFM!" - Scott Dorsey (kludge) "JWG" - Eddie Aikau
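
An added example, not part of the original thread and not qpopper's code: one way for a line-oriented server to handle the overlong command line discussed above, consuming the line once, reporting it, and ending the session instead of looping or lingering. MAX_CMD, read_command, run_session and the in-memory struct input are assumptions made for this illustration.

```c
#include <stdio.h>
#include <string.h>
#define MAX_CMD 512  /* assumed cap for this example, not a qpopper constant */
enum line_status { LINE_OK, LINE_TOO_LONG, LINE_EOF };
struct input { const char *data; size_t len, pos; };  /* stand-in for the socket */
/* Read one LF- or CRLF-terminated command into out (outsz >= 1). An overlong
 * line is consumed to its end and reported once, so no bytes are re-parsed. */
enum line_status read_command(struct input *in, char *out, size_t outsz) {
    size_t n = 0;
    int too_long = 0;
    while (in->pos < in->len) {
        char c = in->data[in->pos++];
        if (c == '\n') {
            if (too_long) return LINE_TOO_LONG;
            if (n > 0 && out[n - 1] == '\r') n--;
            out[n] = '\0';
            return LINE_OK;
        }
        if (n + 1 < outsz) out[n++] = c;
        else too_long = 1;
    }
    return LINE_EOF;  /* peer closed; any partial line is dropped */
}

/* Returns the number of commands accepted. *closed_on_error is set to 1 when
 * an overlong line ended the session (a server would send -ERR, then close). */
int run_session(struct input *in, int *closed_on_error) {
    char cmd[MAX_CMD];
    int accepted = 0;
    *closed_on_error = 0;
    for (;;) {
        enum line_status st = read_command(in, cmd, sizeof cmd);
        if (st == LINE_EOF) return accepted;
        if (st == LINE_TOO_LONG) { *closed_on_error = 1; return accepted; }
        accepted++;
        if (strcmp(cmd, "QUIT") == 0) return accepted;
    }
}

int main(void) {
    char buf[2568];  /* constructed input: 2560 'a's, CRLF, then QUIT */
    struct input in = { buf, sizeof buf, 0 };
    int closed, n;
    memset(buf, 'a', 2560);
    memcpy(buf + 2560, "\r\nQUIT\r\n", 8);
    n = run_session(&in, &closed);
    printf("accepted=%d closed_on_error=%d\n", n, closed);
    return 0;
}
```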