On Sun, Mar 17, 2002 at 09:18:40PM +0100, Michael Zimmermann wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> As it's now already on the air, you all may want to have a look at
> Dustin Childers' info about the bug (including a patch)
>
> http://www.digitux.net/security/advisories.html?id=34&display=info
>
> My advice is to update NOW. The error gives an all too easy DOS.

A further heads-up - I am not an expert on this part of the popper code, but looking at where that patch goes in context, the fix does *not* look right, and it looks to me like it could break this whole area under other boundary conditions.

There's already logic in the code to read and discard data that overflows the buffer, though for some reason it's not working in this case; and I think the supplied patch might break it further, possibly triggering a SEGFAULT on the line where that "break" ends up if debugging is enabled. I would not blindly trust it.

(If anything, I think that "break" needs to become a "next" if there was simply no data to read at that point, along with some extra checks for possible system call errors.)

  -- Clifton

--
Clifton Royston -- LavaNet Systems Architect -- [EMAIL PROTECTED]
WWJD? "JWRTFM!" - Scott Dorsey (kludge) "JWG" - Eddie Aikau
