I wrote a private patch to provide my own (none interactive)
username/password method for the tool "mailutil" which is part of
imap-2007e and alpine-2.00.
During my tests I found, that the function mm_login in
imap-2007e/src/mailutil/mailutil.c:883 has a bug:
void mm_login (NETMBX *mb,char *username,char *password,long trial)
{
char *s,tmp[MAILTMPLEN];
sprintf (s = tmp,"{%s/%s",mb->host,mb->service);
if (*mb->user) sprintf (tmp+strlen (tmp),"/user=%s",
strcpy (username,mb->user));
if (*mb->authuser) sprintf (tmp+strlen
(tmp),"/authuser=%s",mb->authuser);
if (*mb->user) strcat (s = tmp,"} password:");
else {
printf ("%s} username: ",tmp);
fgets (username,NETMAXUSER-1,stdin);
username[NETMAXUSER-1] = '\0';
if (s = strchr (username,'\n')) *s = '\0';
s = "password: ";
}
strcpy (password,getpass (s));
}
The password returned by getpass(s) could be longer than the buffer
password. Password has a fixed size buffer pwd[MAILTMPLEN]. MAILTMPLEN
is 1024 by default.
So it's easy to see the problem:
$ imap-2007e/mailutil/mailutil check '{myimapserver}INBOX'
{myimapserver} username: myusername
password: (type in or copy a text line with > 1024 characters)
Speicherzugriffsfehler (core dumped)
The easiest way to fix the problem is probably to use strncpy instead of
strcpy.
Greetings,
Björn
_______________________________________________
Imap-uw mailing list
[email protected]
http://mailman2.u.washington.edu/mailman/listinfo/imap-uw
