tag 352482 security
thanks
On Sun, Feb 12, 2006 at 10:34:54AM +0100, Ulf Harnhammar wrote:
> Subject: metamail: crashes with very long boundaries in messages
> Package: metamail
> Version: 2.7-50
BTW, what is in ./metamail, rather than ./src/metamail/??
Is it a different source version?? It has, instead, on line 447:
LineBuf = malloc(LINE_BUF_SIZE);
if (!LineBuf) ExitWithError(nomem);
sprintf(LineBuf, "--%s", boundary);
> I have found that metamail crashes when processing messages with
> very long boundaries. They cause a buffer overflow, which doesn't
> seem to be exploitable:
How is this not [potentially] exploitable?
Justin
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
