Re: [Nmh-workers] nmh 1.2 failed in doing smtp authentication

From: Peter Maydell
Subject: Re: [Nmh-workers] nmh 1.2 failed in doing smtp authentication
Date: Thu, 01 May 2008 09:52:48 +0100

Peter Maydell wrote:
>I'm glad I did that, because smhear() appears to have had in it for a decade
>completely broken accounting of the space left in the reply buffer in the
>case where there's a continuation line from the SMTP server.
>I think this is at least potentially a security hole in that if you connect
>to a malicious SMTP server it could send you lines which result in an overrun
>of the (global) buffer and (maybe) execution of arbitrary code.

Closer examination of the surrounding code leads me to think that you
can't overrun the buffer by more than a few bytes (you can't get to
the offending bit of code more than once even in a multi-line SMTP
response). So it's not as bad as I'd feared it might be, and I don't
think it's exploitable.

-- PMM
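As an added illustration, not nmh's code and not part of the message above, the C sketch below shows the accounting the thread says smhear() got wrong for continuation lines: the space left in the fixed reply buffer is recomputed from the bytes already stored before every append, so a "250-" continuation line that does not fit is truncated and flagged instead of being written past the end of the buffer. The buffer size, the `struct smtp_reply` type, the function names and both sample replies are hypothetical and constructed for this example.

```c
#include <ctype.h>
#include <stdbool.h>
#include <stdio.h>
#include <string.h>

/* Small fixed buffer, standing in for the global reply buffer the mail
 * describes; the size is chosen so a hostile reply overflows it quickly. */
#define REPLY_BUF_SIZE 64

struct smtp_reply {
    char text[REPLY_BUF_SIZE]; /* accumulated reply lines, '\n'-joined, NUL-terminated */
    size_t used;               /* bytes stored, not counting the NUL */
    int code;                  /* 3-digit reply code from the first line, 0 if malformed */
    bool truncated;            /* set when the server sent more than fits */
};

/* RFC 5321 style: "NNN-text" continues, "NNN text" ends the reply. */
static bool is_continuation(const char *line)
{
    return strlen(line) >= 4 && line[3] == '-';
}

/* Append n bytes, capping n at the space that is actually left.  Recomputing
 * `remaining` from r->used on every call is the whole point: the bug in the
 * thread was stale accounting once a second (continuation) line arrived. */
static void append_bytes(struct smtp_reply *r, const char *p, size_t n)
{
    size_t remaining = REPLY_BUF_SIZE - 1 - r->used; /* keep room for the NUL */
    if (n > remaining) {
        n = remaining;
        r->truncated = true;
    }
    memcpy(r->text + r->used, p, n);
    r->used += n;
    r->text[r->used] = '\0';
}

/* Collect one possibly multi-line reply from a NULL-terminated array of
 * lines (standing in for lines read one at a time from the socket).
 * Returns the reply code; lines after the final "NNN " line are ignored. */
int smtp_collect_reply(struct smtp_reply *r, const char *const *lines)
{
    memset(r, 0, sizeof *r);
    for (size_t i = 0; lines[i] != NULL; i++) {
        const char *line = lines[i];
        if (i == 0 && strlen(line) >= 3 &&
            isdigit((unsigned char)line[0]) && isdigit((unsigned char)line[1]) &&
            isdigit((unsigned char)line[2])) {
            r->code = (line[0] - '0') * 100 + (line[1] - '0') * 10 + (line[2] - '0');
        }
        append_bytes(r, line, strlen(line));
        append_bytes(r, "\n", 1);
        if (!is_continuation(line))
            break;
    }
    return r->code;
}

/* Constructed sample replies: one well-formed, one with oversized
 * continuation lines of the kind a hostile server might send. */
const char *const SAMPLE_OK[] = { "250-mail.example.test", "250 OK", NULL };
const char *const SAMPLE_HOSTILE[] = {
    "250-" "AAAAAAAAAA" "AAAAAAAAAA" "AAAAAAAAAA" "AAAAAAAAAA"
           "AAAAAAAAAA" "AAAAAAAAAA" "AAAAAAAAAA",
    "250-" "AAAAAAAAAA" "AAAAAAAAAA" "AAAAAAAAAA" "AAAAAAAAAA"
           "AAAAAAAAAA" "AAAAAAAAAA" "AAAAAAAAAA",
    "250 done",
    NULL
};

int main(void)
{
    struct smtp_reply r;
    smtp_collect_reply(&r, SAMPLE_OK);
    printf("ok: code=%d used=%zu truncated=%d\n", r.code, r.used, r.truncated);
    smtp_collect_reply(&r, SAMPLE_HOSTILE);
    printf("hostile: code=%d used=%zu truncated=%d\n", r.code, r.used, r.truncated);
    return 0;
}
```

A caller that sees `truncated` set should treat the reply as unusable (close the session) rather than parse the partial text; the point of the flag is that the decision is made explicitly instead of by whatever happened to be past the end of the buffer.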

