ipop2d buffer overflow fix

From: dumped (dumpedat_private)
Date: Thu Jun 03 1999 - 13:29:05 PDT

Next message: Juergen Schmidt: "MacOS X system panic with CGI"

Previous message: Tom Rawls: "FW: a practical attack against ZKS Freedom"
Next in thread: Mark Crispin: "Re: ipop2d buffer overflow fix"
Reply: Mark Crispin: "Re: ipop2d buffer overflow fix"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This patch fixes the buffer overflow previously pointed by Thiago.


diff -Nur imap-4.4.orig/src/ipopd/ipop2d.c imap-4.4/src/ipopd/ipop2d.c
--- imap-4.4.orig/src/ipopd/ipop2d.c	Thu Jun  3 18:35:15 1999
+++ imap-4.4/src/ipopd/ipop2d.c	Thu Jun  3 18:37:02 1999
@@ -10,7 +10,10 @@
  *		Internet: MRCat_private
  *
  * Date:	28 October 1990
- * Last Edited:	13 July 1998
+ * Last Edited:	3 June 1999
+ *
+ * dumped (dumpedat_private) 3/Jun/99 :
+ * fixed a buffer overflow in c_fold()
  *
  * Copyright 1998 by the University of Washington
  *
@@ -306,7 +309,8 @@
 				/* don't permit proxy to leave IMAP */
   if (stream && stream->mailbox && (s = strchr (stream->mailbox,'}'))) {
     strncpy (tmp,stream->mailbox,i = (++s - stream->mailbox));
-    strcpy (tmp+i,t);		/* append mailbox to initial spec */
+    strncpy (tmp+i,t,sizeof(tmp) - strlen(stream->mailbox));	
+	/* append mailbox to initial spec */
     t = tmp;
   }
 				/* open mailbox, note # of messages */

Next message: Juergen Schmidt: "MacOS X system panic with CGI"
Previous message: Tom Rawls: "FW: a practical attack against ZKS Freedom"
Next in thread: Mark Crispin: "Re: ipop2d buffer overflow fix"
Reply: Mark Crispin: "Re: ipop2d buffer overflow fix"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 14:48:09 PDT