On Mon, 19 Jan 2004, Anton Alin-Adrian wrote: > > Regarding latest qmail vulnerability, I coded this quickly patch. > > Please double-check me if I am wrong here. Forward this to > > freebsd-security please. > >320c320 > >< ++pos; > >--- > > > > > >> if (pos>9) ++pos; > http://www.guninski.com/qmailcrash.html
woulnd't it be better to switch pos from an int to a u_int ? or do specific bounds checking before incrementing pos ? this patch seems to _only_ increment pos if it's > 9, and reading the code will show you where you're going to get into some problems. :) Regards, /\_/\ "All dogs go to heaven." [EMAIL PROTECTED] (0 0) http://www.alphaque.com/ +==========================----oOO--(_)--OOo----==========================+ | for a in past present future; do | | for b in clients employers associates relatives neighbours pets; do | | echo "The opinions here in no way reflect the opinions of my $a $b." | | done; done | +=========================================================================+ _______________________________________________ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-hackers To unsubscribe, send any mail to "[EMAIL PROTECTED]"