[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: imap mailbox killer

Package: imap
Version: 4.7c-1
Severity: important

On Thu 31 Aug 2000, Paul Slootman wrote:

> Yuck. Smells like a serious buffer overflow somewhere.

Upon a quick glance, there indeed appears to be no checks at all
for buffer overflows. A buf of 8k is allocated into which the
From:, Status:, X-Status, and X-Keywords: headers are placed,
with simple 

	sprintf (buf + strlen (buf),"...

commands. So having extremely long X-Keywords in mail messages
will screw things up. Double yuck.

This is in imap-4.7c/src/osdep/unix/unix.c BTW.

See the original message and the accompanying thread in debian-devel,
archive/latest/67244 , Message-ID <[🔎] 39AD820C.6AD0818C@axis.com> from
Cristian Ionescu-Idbohrn <cii@axis.com>


Paul Slootman
-- 
home:       paul@wurtel.demon.nl http://www.wurtel.demon.nl/
work:       paul@murphy.nl       http://www.murphy.nl/
debian:     paul@debian.org      http://www.debian.org/
isdn4linux: paul@isdn4linux.de   http://www.isdn4linux.de/
Reply to: