Um, qpopper doesn't receive packets. The kernel, via the stack,
receive packets. While QPopper could receive and examine each
packet, it uses higher level system calls.
Should input from the sender be trusted? Hell, no. IMHO,
NO input should be used without examination. Program so that
you presume that inetd has been compromised.
But that packet -> input line conversion is done before the
application ever sees it. Whether your program sends 1
char/packet or a whole line, the Application has no awareness
of that.
Quoting Carles Xavier Munyoz Bald� ([EMAIL PROTECTED]):
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> On Monday 28 May 2001 16:46, Gregory Hicks wrote:
> > I've always found that, when testing software, one should test software
> > in the mode it was designed for... Ie: if the software is designed to
[...]
> One of the most important tasks of a software developer is the syntax parse
> of the inputs received from the users.
> If this task is not done well, you will have problems like buffer overflows,
> segmentation faults, security problems, etc...
