Search (keywords):  SOFT ARTICLES TIPS & TRICKS SECURITY LINKS NEWS MAN DOCUMENTATION

<< Previous INDEX Search src Set bookmark Go to bookmark Next >>

Date: Sat, 27 Jun 1998 20:18:47 -0300
From: "Bruno Lopes F. Cabral" <bruno@OPENLINE.COM.BR>
To: BUGTRAQ@NETSPACE.ORG
Subject: Re: QPOPPER problem....

Hi there.

as there was an error on the patch I took, there is a new one with
this simple change

+        vsnprintf(mp,sizeof(message) - strlen(mp) -1,format,ap);

becomes

+        vsnprintf(mp,sizeof(message) - (mp-message)- 3, format,ap);

grab the new rpm, if you wish, from the same location

ftp://ftp.openline.com.br/mirror/contrib/qpopper-2.4-3.src.rpm

!3runo

P.S. here is the _corrected_ patch and remember this is only tested
on linux. Qpopper 2.4 uses GNU autoconf and the necessary steps to
modify it to search for vsnprintf are beiond my knowledge

diff -uNr qpopper2.4-orig/pop_dropcopy.c qpopper2.4/pop_dropcopy.c
--- qpopper2.4-orig/pop_dropcopy.c      Fri Sep 12 17:23:02 1997
+++ qpopper2.4/pop_dropcopy.c   Sat Jun 27 14:41:01 1998
@@ -457,6 +457,9 @@
                    } else
                        cp = "";

+                   /* Make UIDL not longer then 128 chars, we use it
+                      in sprintf() later on */
+                   if (strlen(cp) >= 128) cp[127] = 0;
                    mp->uidl_str = (char *)strdup(cp);
                    mp->length += nchar + 1;
                    p->drop_size += nchar + 1;
diff -uNr qpopper2.4-orig/pop_log.c qpopper2.4/pop_log.c
--- qpopper2.4-orig/pop_log.c   Thu Sep 11 21:21:21 1997
+++ qpopper2.4/pop_log.c        Sat Jun 27 14:41:57 1998
@@ -47,7 +47,7 @@
 #endif

 #ifdef HAVE_VPRINTF
-        vsprintf(msgbuf,format,ap);
+        vsnprintf(msgbuf,sizeof(msgbuf),format,ap);
 #else
 # ifdef PYRAMID
         (void)sprintf(msgbuf,format, arg1, arg2, arg3, arg4, arg5, arg6);
@@ -67,6 +67,8 @@
         (void)fflush(p->trace);
     }
     else {
+        /* Protect syslog from too long messages */
+        if (strlen(msgbuf) >= 512) msgbuf[511] = 0;
         syslog (stat,"%s",msgbuf);
     }

diff -uNr qpopper2.4-orig/pop_msg.c qpopper2.4/pop_msg.c
--- qpopper2.4-orig/pop_msg.c   Thu Sep 11 21:21:41 1997
+++ qpopper2.4/pop_msg.c        Sat Jun 27 14:42:42 1998
@@ -63,7 +63,7 @@
     /*  Append the message (formatted, if necessary) */
     if (format)
 #ifdef HAVE_VPRINTF
-        vsprintf(mp,format,ap);
+        vsnprintf(mp,sizeof(message) - (mp-message)- 3, format,ap);
 #else
 # ifdef PYRAMID
         (void)sprintf(mp,format, arg1, arg2, arg3, arg4, arg5, arg6);

<< Previous INDEX Search src Set bookmark Go to bookmark Next >>

Партнёры:

Хостинг: