Philip Prindeville wrote:

> FWIW: I didn't see this with 2.54.

That's odd, because the bug was present in 2.54.

The problem is an off-by-one error in the function
set_slave_status_from_command. The patch below should fix it.

Please note that the error is not exploitable for the purpose of executing
arbitrary code; the only effect is that the slave can lose track of
which generation it is, and decide it needs to restart. There's a mild
DoS potential here, so I will be releasing 2.56 soon.

Regards,

David.

--- mimedefang-multiplexor.c-V255 2006-01-18 08:32:07.000000000 -0500
+++ mimedefang-multiplexor.c 2006-02-10 21:27:37.000000000 -0500
@@ -13,7 +13,7 @@
***********************************************************************/
static char const RCSID[] =
-"$Id: mimedefang-multiplexor.c,v 1.237 2006/01/18 13:16:20 dfs Exp $";
+"$Id: mimedefang-multiplexor.c,v 1.238 2006/02/11 02:24:29 dfs Exp $";
#include "config.h"
#include "event_tcp.h"
@@ -1363,7 +1363,7 @@
s->cmd = -1;
}
- while (*ptr && (*ptr != '\n') && len < MAX_STATUS_LEN) {
+ while (*ptr && (*ptr != '\n') && len < MAX_STATUS_LEN - 1) {
char c = *ptr++;
*out++ = c;
len++;
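
Review bot: In the while condition, the bare "MAX_STATUS_LEN - 1" leaves it implicit that one byte is being reserved (presumably for a terminator written after the loop) and that the buffer behind out is exactly MAX_STATUS_LEN bytes; neither is visible in this hunk. Consider bounding the loop on the size of the destination array itself (sizeof of the destination minus one), or at least adding a comment that the last byte is reserved, so the bound and the buffer declaration cannot drift apart. Input longer than the limit is now truncated silently, so it is worth confirming that readers of the status string tolerate a cut-off value.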
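
The off-by-one described in the message above, as an added example that is not part of the original post and not MIMEDefang's code: the patched loop shape is run with the old and the new bound over a constructed buffer whose last byte stands in for whatever is stored after the status area. Assumptions: the value of MAX_STATUS_LEN, the terminator written after the loop, the guard byte, and the names copy_status and neighbour_intact are all hypothetical.

```c
#include <stdio.h>
#include <string.h>

#define MAX_STATUS_LEN 8   /* constructed value; the real constant is not on the page */
#define GUARD 0x5A         /* stands in for the data stored after the status buffer */

/* Same loop shape as the patched code: copy until NUL, newline or the limit,
 * then terminate (assumption: the real function terminates after the loop). */
static size_t copy_status(char *out, const char *ptr, size_t limit)
{
    size_t len = 0;
    while (*ptr && (*ptr != '\n') && len < limit) {
        char c = *ptr++;
        *out++ = c;
        len++;
    }
    *out = '\0';            /* lands at index len: one past the area if len == size */
    return len;
}

/* Returns 1 if the byte following the MAX_STATUS_LEN-byte status area survived. */
static int neighbour_intact(size_t limit, const char *input)
{
    /* One array holds the status area plus the guard byte, so the stray
     * write stays inside this object and the demonstration is well defined. */
    char region[MAX_STATUS_LEN + 1];
    memset(region, 0, sizeof region);
    region[MAX_STATUS_LEN] = GUARD;
    copy_status(region, input, limit);
    return region[MAX_STATUS_LEN] == GUARD;
}

int main(void)
{
    const char *long_status = "Busy scanning message\n";   /* constructed input */
    printf("old bound (MAX_STATUS_LEN):     neighbour intact = %d\n",
           neighbour_intact(MAX_STATUS_LEN, long_status));
    printf("new bound (MAX_STATUS_LEN - 1): neighbour intact = %d\n",
           neighbour_intact(MAX_STATUS_LEN - 1, long_status));
    return 0;
}
```

With the old bound only a status of MAX_STATUS_LEN characters or more reaches the neighbouring byte, and it is always overwritten with zero, which matches the message's description of lost state rather than code execution.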