Package: imap
Version: 4.7c-1
Severity: important

On Thu 31 Aug 2000, Paul Slootman wrote:

> Yuck. Smells like a serious buffer overflow somewhere.

Upon a quick glance, there indeed appear to be no checks at all
for buffer overflows. A buf of 8k is allocated into which the
From:, Status:, X-Status, and X-Keywords: headers are placed,
with simple 

        sprintf (buf + strlen (buf),"...

commands. So having extremely long X-Keywords in mail messages
will screw things up. Double yuck.

This is in imap-4.7c/src/osdep/unix/unix.c BTW.

See the original message and the accompanying thread in debian-devel,
archive/latest/67244 , Message-ID <[EMAIL PROTECTED]> from
Cristian Ionescu-Idbohrn <[EMAIL PROTECTED]>


Paul Slootman
-- 
home:       [EMAIL PROTECTED] http://www.wurtel.demon.nl/
work:       [EMAIL PROTECTED]       http://www.murphy.nl/
debian:     [EMAIL PROTECTED]      http://www.debian.org/
isdn4linux: [EMAIL PROTECTED]   http://www.isdn4linux.de/
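
An added example, not part of the original message and not taken from the imap source: a bounds-checked replacement for the unchecked `sprintf (buf + strlen (buf), ...)` append pattern described above. The names `append_hdr`, `build_headers` and `HDRBUF_SIZE`, and all sample header values, are hypothetical and constructed for illustration.

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

#define HDRBUF_SIZE 8192 /* the message mentions an 8k buffer */

/* Hypothetical helper: append formatted text to buf (capacity cap) without
 * writing past the end. Returns 0 on success, -1 if the text does not fit;
 * on failure the buffer keeps its previous contents. */
static int append_hdr(char *buf, size_t cap, const char *fmt, ...)
{
    const char *end = memchr(buf, '\0', cap);
    if (!end) return -1;                 /* no terminator inside cap: refuse */
    size_t used = (size_t)(end - buf);
    va_list ap;
    va_start(ap, fmt);
    int n = vsnprintf(buf + used, cap - used, fmt, ap);
    va_end(ap);
    if (n < 0 || (size_t)n >= cap - used) {
        buf[used] = '\0';                /* roll back the truncated write */
        return -1;
    }
    return 0;
}

/* Constructed sample: write the four headers with a keyword string of kwlen
 * bytes. Returns 0 if everything fit, -1 if a header was rejected. */
static int build_headers(char *buf, size_t cap, size_t kwlen)
{
    static char kw[3 * HDRBUF_SIZE];
    if (kwlen >= sizeof kw) return -1;
    memset(kw, 'k', kwlen);
    kw[kwlen] = '\0';
    buf[0] = '\0';
    if (append_hdr(buf, cap, "From: %s\n", "user@example.org") ||
        append_hdr(buf, cap, "Status: %s\n", "RO") ||
        append_hdr(buf, cap, "X-Status: %s\n", "A") ||
        append_hdr(buf, cap, "X-Keywords: %s\n", kw))
        return -1;
    return 0;
}

int main(void)
{
    char buf[HDRBUF_SIZE];
    int ok = build_headers(buf, sizeof buf, 100);
    int big = build_headers(buf, sizeof buf, 20000);
    printf("short: %d, 20000-byte keywords: %d, kept %zu bytes\n", ok, big, strlen(buf));
    return 0;
}
```

The caller has to decide what a -1 means for the mailbox (skip the header, grow the buffer, or fail the write); the helper only guarantees that nothing is written outside `buf`.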

