Re: imap mailbox killer
Package: imap
Version: 4.7c-1
Severity: important
On Thu 31 Aug 2000, Paul Slootman wrote:
> Yuck. Smells like a serious buffer overflow somewhere.
Upon a quick glance, there indeed appears to be no checks at all
for buffer overflows. A buf of 8k is allocated into which the
From:, Status:, X-Status, and X-Keywords: headers are placed,
with simple
sprintf (buf + strlen (buf),"...
commands. So having extremely long X-Keywords in mail messages
will screw things up. Double yuck.
This is in imap-4.7c/src/osdep/unix/unix.c BTW.
See the original message and the accompanying thread in debian-devel,
archive/latest/67244 , Message-ID <[🔎] 39AD820C.6AD0818C@axis.com> from
Cristian Ionescu-Idbohrn <cii@axis.com>
Paul Slootman
--
home: paul@wurtel.demon.nl http://www.wurtel.demon.nl/
work: paul@murphy.nl http://www.murphy.nl/
debian: paul@debian.org http://www.debian.org/
isdn4linux: paul@isdn4linux.de http://www.isdn4linux.de/
Reply to: