tags patch
thanks

It appears that the remote buffer overflow vulnerability can be
averted with a simple change to main.c:922.  Use vsnprintf to cap the
size to (sizeof p).

Note that the original report mentions format string vulnerabilities
as well.  Indeed, this same function, message(), is vulnerable, since
a remote server may control the string argument.

This problem could be solved by escaping escape sequences (especially
% ones).  At least the following are remotely controllable by
malicious entities:

  remote file name
  ftp directories
  hostnames

Others such as the username should also be escaped for correctness.

Justin
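
The two fixes suggested in the message above, as an added example that is not code from the program under discussion or from the original message: a bounded `vsnprintf` call in place of an unbounded one, and doubling of `%` in remotely supplied text. `MSG_MAX`, `escape_percent` and `format_message` are hypothetical names, and the file name is constructed sample input.

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

#define MSG_MAX 64 /* assumed size of the fixed buffer the message is built in */

/* Double every '%' in untrusted text so it is inert if it ever lands in a
 * format position. Returns 0 on success, -1 if `out` is too small. */
int escape_percent(const char *in, char *out, size_t outsz)
{
    size_t o = 0;
    if (outsz == 0) return -1;
    for (; *in; in++) {
        size_t need = (*in == '%') ? 2 : 1;
        if (o + need >= outsz) /* always keep room for the terminator */
            return -1;
        if (*in == '%')
            out[o++] = '%';
        out[o++] = *in;
    }
    out[o] = '\0';
    return 0;
}

/* Bounded formatting: writes at most dstsz bytes including the terminator.
 * Returns 0 if the text fit, 1 if it was truncated, -1 on a format error. */
int format_message(char *dst, size_t dstsz, const char *fmt, ...)
{
    va_list ap;
    int n;
    va_start(ap, fmt);
    n = vsnprintf(dst, dstsz, fmt, ap);
    va_end(ap);
    if (n < 0) return -1;
    return (size_t)n >= dstsz ? 1 : 0;
}

int main(void)
{
    const char *remote_name = "report%n%s.txt"; /* constructed sample input */
    char esc[MSG_MAX], msg[MSG_MAX];
    /* Preferred: constant format string, remote text only as an argument. */
    format_message(msg, sizeof msg, "Getting %s", remote_name);
    puts(msg);
    /* Fallback when the text must pass through a format position. */
    if (escape_percent(remote_name, esc, sizeof esc) == 0)
        puts(esc);
    return 0;
}
```

Where the call site can be changed, passing remote text as an argument to a constant format string removes the need for escaping; the escaping routine covers paths where the text is concatenated into a format string first.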

