A NOTE has been added to this issue. 
====================================================================== 
http://dbmail.org/mantis/view.php?id=842 
====================================================================== 
Reported By:                bjohnson
Assigned To:                
====================================================================== 
Project:                    DBMail
Issue ID:                   842
Category:                   Authentication layer
Reproducibility:            always
Severity:                   crash
Priority:                   normal
Status:                     new
target:                      
====================================================================== 
Date Submitted:             26-Mar-10 04:03 CET
Last Modified:              14-Apr-10 16:02 CEST
====================================================================== 
Summary:                    stack smashing in usermap code
Description: 
Original bug reported here.

http://permalink.gmane.org/gmane.mail.imap.dbmail/13033
====================================================================== 

---------------------------------------------------------------------- 
 (0003036) lonish (reporter) - 14-Apr-10 16:02
 http://dbmail.org/mantis/view.php?id=842#c3036 
---------------------------------------------------------------------- 
We have detected the same problem and behaviour with POP3 and IMAP servers
on
RHEL5 i386.

Looks like the cause of stack smashing is too small size returned by
sizeof(struct sockaddr_storage) function in case if IPv6 protocol is
enabled.

Our quick fix patch which has solved the problem:

--- dbmail-2.2.15.orig/db.c     2010-04-14 15:20:15.000000000 +0300
+++ dbmail-2.2.15.test/db.c     2010-04-14 15:20:34.000000000 +0300
@@ -4698,7 +4698,7 @@
        } else {
                /* get the socket the client is connecting on */
                int serr;
-                socklen_t len = sizeof(struct sockaddr_storage);
+               socklen_t len = sizeof(saddr);
                 char host[NI_MAXHOST], serv[NI_MAXSERV];

                 if (getsockname(fileno(ci->tx), &saddr, &len) < 0) {



Thank you,

Leontiy Onishchuk
Fine Soft Studio 

Issue History 
Date Modified    Username       Field                    Change               
====================================================================== 
26-Mar-10 04:03  bjohnson       New Issue                                    
06-Apr-10 09:10  lemmster       Issue Monitored: lemmster                    
14-Apr-10 16:02  lonish         Note Added: 0003036                          
======================================================================

_______________________________________________
Dbmail-dev mailing list
Dbmail-dev@dbmail.org
http://mailman.fastxs.nl/cgi-bin/mailman/listinfo/dbmail-dev

Reply via email to