On Sat, Mar 16, 2002 at 08:30:50AM -0500, Alan Brown wrote: > I haven't seen this reported here
I've corresponded briefly with the author and tried to reproduce it. I can't see the problem as described on any of my BSD/OS systems, e.g. when pasting a string of 2560 'a's at the initial prompt ('user' command input state.) qpopper reports a -ERR error message and, yes, fails to exit promptly as it should, but unlike the problem description it takes 0.0% CPU and terminates normally when the socket connection is broken by disconnecting. I think it must be an OS-dependent problem, though there clearly is a bug there in its not cutting off the client promptly after the error. -- Clifton > ---------- Forwarded message ---------- > Date: 15 Mar 2002 01:51:10 -0000 > From: Dustin Childers <[EMAIL PROTECTED]> > To: [EMAIL PROTECTED] > Subject: Bug in QPopper (All Versions?) > > > Description: > When sending a string that has 2048+ characters in > it, the > in.qpopper or popper process will begin to use > massive > amounts of CPU and will not stop until it is manually > killed. > > Versions Affected: > I tested this on 4.0.1 and 4.0.3. > 4.0.2 is probably vulnerable also. > Older versions may also be vulnerable. I haven't > tested those. > > This works locally and remotely. > > Patch Information: > I attempted to patch this but I was not successful. I > found > that the most reasonable place for this would be the > msg_buf > in popper/main.c or msg_buf in > password/poppassd.c. > > Dustin E. Childers > Security Administrator > http://www.digitux.net/ -- Clifton Royston -- LavaNet Systems Architect -- [EMAIL PROTECTED] WWJD? "JWRTFM!" - Scott Dorsey (kludge) "JWG" - Eddie Aikau