Re: imap mailbox killer
On Thu 31 Aug 2000, Paul Slootman wrote:
> Yuck. Smells like a serious buffer overflow somewhere.
Upon a quick glance, there indeed appear to be no checks at all
for buffer overflows. A buf of 8k is allocated into which the
From:, Status:, X-Status, and X-Keywords: headers are placed,
sprintf (buf + strlen (buf),"...
commands. So having extremely long X-Keywords in mail messages
will screw things up. Double yuck.
This is in imap-4.7c/src/osdep/unix/unix.c BTW.
See the original message and the accompanying thread in debian-devel,
archive/latest/67244 , Message-ID <39AD820C.6AD0818C@axis.com> from
Cristian Ionescu-Idbohrn <email@example.com>
home: firstname.lastname@example.org http://www.wurtel.demon.nl/
work: email@example.com http://www.murphy.nl/
debian: firstname.lastname@example.org http://www.debian.org/
isdn4linux: email@example.com http://www.isdn4linux.de/
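
The pattern described in the message above (headers appended into a fixed 8k buffer with `sprintf (buf + strlen (buf), ...)`) rewritten with a bounds check, as an added example that is not part of the original post and is not code from imap-4.7c. The function names, header format strings and sample values are hypothetical.

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

#define HDR_BUF_SIZE 8192 /* the 8k buffer size mentioned in the message */

/* Bounded stand-in for sprintf(buf + strlen(buf), ...). Returns 0 on success,
 * -1 if the text does not fit in cap bytes; on failure buf is restored. */
static int hdr_append(char *buf, size_t cap, const char *fmt, ...)
{
    const char *end = memchr(buf, '\0', cap);
    if (end == NULL)
        return -1;                    /* buf not terminated within cap */
    size_t used = (size_t)(end - buf);
    va_list ap;
    va_start(ap, fmt);
    int n = vsnprintf(buf + used, cap - used, fmt, ap);
    va_end(ap);
    if (n < 0 || (size_t)n >= cap - used) {
        buf[used] = '\0';             /* roll back the truncated write */
        return -1;
    }
    return 0;
}

/* Build the header block; every argument is untrusted mailbox data. */
static int build_headers(char *buf, size_t cap, const char *from,
        const char *status, const char *xstatus, const char *keywords)
{
    if (cap == 0)
        return -1;
    buf[0] = '\0';
    if (hdr_append(buf, cap, "From: %s\n", from) != 0 ||
        hdr_append(buf, cap, "Status: %s\n", status) != 0 ||
        hdr_append(buf, cap, "X-Status: %s\n", xstatus) != 0 ||
        hdr_append(buf, cap, "X-Keywords: %s\n", keywords) != 0)
        return -1;                    /* caller rejects or reallocates */
    return 0;
}

/* Constructed input: an X-Keywords value of len bytes; returns build result. */
static int try_keywords_of_length(size_t len)
{
    static char kw[4 * HDR_BUF_SIZE], buf[HDR_BUF_SIZE];
    if (len >= sizeof kw)
        return -2;
    memset(kw, 'k', len);
    kw[len] = '\0';
    return build_headers(buf, sizeof buf, "a@example.org", "RO", "", kw);
}
```

With the unchecked `sprintf` form, the oversized keyword line would be written past the end of the buffer; here the caller gets an error and the buffer is left terminated.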