CVS log for ports/mail/qpopper/files/Attic/patch-popper::popper.c


Keyword substitution: kv
Default branch: MAIN


Revision 1.2
Tue Apr 30 20:05:13 2002 UTC (9 years, 9 months ago) by lioux
Branches: MAIN
CVS tags: HEAD
FILE REMOVED
Changes since revision 1.1: +0 -0 lines
o Update to 4.0.4
o Add options:
	- WITH_PAM and WITH_STANDALONE_MODE [1]
	- WITHOUT_IPV6 [2]
	- WITHOUT_U_OPTION [3]
o Remove patch merged into distribution

Submitted by:	Sean Wal <sean0x77@yahoo.com> [1]
Prompted by:	too many [2],
		"Karsten W. Rohrbach" <karsten@rohrbach.de> [3]

Revision 1.1
Sun Mar 31 08:20:28 2002 UTC (9 years, 10 months ago) by lioux
Branches: MAIN
CVS tags: RELEASE_5_0_DP1
Fix following security issue: "If a string of longer than approximately
2048 characters is sent to the qpopper process, a denial of service
condition will occur"

Actually, this is caused by an incorrect assumption. qpopper uses
the same buffer over and over when communicating. However, it never
makes sure that the buffer has been updated if something goes wrong.
Therefore, one can try to add to this buffer over and over; thus,
consuming available resources.

Solution, do not follow unofficial patch available in bugtraq mailing
list since losing pointer references is not an option. Otherwise,
change the way both getline and tgetline functions work. Just so
that they resemble read(2) return codes as follows:

1) if < 0 problem
2) if >= 0 user typed something (enter without anything else is
   something)

First patch sent by Isao SEKI <iseki@gongon.com>

PR:		36326
Prompted by:	Alessandro de Manzano <ale@unixmania.net>,
		Isao SEKI <iseki@gongon.com>
Reviewed by:	eivind,
		Alessandro de Manzano <ale@unixmania.net>,
		David Rufino <dr@soniq.net>,
		Isao SEKI <iseki@gongon.com>
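
An added example (not qpopper's code and not part of the commit) of the return convention the revision 1.1 message describes: a line reader that returns a negative value on a problem and the line length otherwise, and clears its reused buffer on every failure path. The names `conn`, `conn_init`, `conn_read`, `get_line` and the 16-byte `LINE_CAP` are assumptions, and the input is a constructed in-memory string standing in for the socket.

```c
#include <string.h>

#define LINE_CAP 16           /* assumed size, tiny on purpose */

struct conn {                 /* hypothetical per-connection state */
    const char *in;           /* constructed input standing in for the socket */
    size_t in_len, in_pos;
    char buf[LINE_CAP];       /* the buffer reused for every command */
    size_t used;              /* bytes pending in buf */
};

void conn_init(struct conn *c, const char *input) {
    memset(c, 0, sizeof *c);
    c->in = input;
    c->in_len = strlen(input);
}

/* Stand-in for read(2): returns bytes copied, 0 at end of input. */
static long conn_read(struct conn *c, char *dst, size_t n) {
    size_t left = c->in_len - c->in_pos;
    if (n > left) n = left;
    memcpy(dst, c->in + c->in_pos, n);
    c->in_pos += n;
    return (long)n;
}

/* <0: problem (end of input, line too long); >=0: line length, 0 for a bare newline.
 * Every failure path clears the pending bytes so a retry cannot keep adding to them. */
long get_line(struct conn *c, char *out, size_t outsz) {
    for (;;) {
        char *nl = memchr(c->buf, '\n', c->used);
        if (nl != NULL) {
            size_t len = (size_t)(nl - c->buf);
            if (len >= outsz) { c->used = 0; return -1; }
            memcpy(out, c->buf, len);
            out[len] = '\0';
            c->used -= len + 1;
            memmove(c->buf, nl + 1, c->used);   /* keep any following command */
            return (long)len;
        }
        if (c->used == sizeof c->buf) { c->used = 0; return -1; }  /* full, no newline */
        long n = conn_read(c, c->buf + c->used, sizeof c->buf - c->used);
        if (n <= 0) { c->used = 0; return -1; }
        c->used += (size_t)n;
    }
}
```

A caller treats any negative return as the end of the session, so an overlong command costs at most one buffer's worth of memory.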
