Package: cgiemail Version: 1.6-31 Severity: important Hi, here is some code from cgiemail:
content_length= atoi(getenv("CONTENT_LENGTH"));
cgi_query=malloc(content_length+1);
if (!cgi_query)
{
formp->errcond=1;
sprintf(formp->errmsg,
"503 Couldn't allocate %d bytes of memory.",
content_length+1);
return(1);
}
This code will heavily segfault if CONTENT_LENGTH is not set
because of a NULL pointer reference for atoi.
Cheers
Nico
-- System Information:
Debian Release: lenny/sid
APT prefers unstable
APT policy: (500, 'unstable')
Architecture: i386 (i686)
Kernel: Linux 2.6.20-1-686 (SMP w/1 CPU core)
Locale: [EMAIL PROTECTED], [EMAIL PROTECTED] (charmap=ISO-8859-15)
Shell: /bin/sh linked to /bin/bash
--
Nico Golde - http://ngolde.de - [EMAIL PROTECTED] - GPG: 0x73647CFF
For security reasons, all text in this mail is double-rot13 encrypted.
signature.asc
Description: Digital signature
