Re: Buffer overrun vulnerability?

2000-08-04 Thread Steve Lamb 

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Friday, August 04, 2000, 12:43:54 AM, Gold wrote:
> mail from a command-line mailer with a subject 32,748 bytes long, and
> TB receives and displays it just fine. Well, pretty much. For some
> reason, the string "Length=97" was appended to the end of the subject
> string. Curious.

32768 = 32k.  A line needs a LF, as a minimum, to demark the next line.
No room for the newline, the next header is appended to the same line.  :)


- --
 Steve C. Lamb | I'm your priest, I'm your shrink, I'm your
 ICQ: 5107343  | main connection to the switchboard of souls.
- ---+-

-BEGIN PGP SIGNATURE-
Version: PGP 6.5i

iQA/AwUBOYqCd3pf7K2LbpnFEQI9vQCfRaJWgCOTHwrJ8jtM4WX4IBeAsWwAoPjy
ClcK9T+Dtl2QfuUdI3SN+aVi
=oV/D
-END PGP SIGNATURE-

-- 
--
View the TBUDL archive at http://tbudl.thebat.dutaint.com
To send a message to the list moderation team double click here:
   
To Unsubscribe from TBUDL, double click here and send the message:
   
--

You are subscribed as : archive@jab.org

Re: Buffer overrun vulnerability?

2000-08-04 Thread Gold Gaurami 

Hello W. and everyone else...

WNK> Is The Bat! subject to the same kind of buffer overflow exploit to which
WNK> other email clients are susceptible?  (e.g. too long a subject line
WNK> etc...)

Well, I don't know how long "too long" is... But I just sent myself a
mail from a command-line mailer with a subject 32,748 bytes long, and
TB receives and displays it just fine. Well, pretty much. For some
reason, the string "Length=97" was appended to the end of the subject
string. Curious.

I originally wanted to send a subject somewhere around 85k but my
ISP's STMP server wouldn't let a message with headers > 32k be sent!

--
Gold Gauramimailto:[EMAIL PROTECTED]

Atheism: A Non-Prophet Organization

   //Flying high with The Bat! v1.46 Beta/2
   //Over the land of Win98 v4.10 build 1998
   //Fueled by an AMD K6-2 400mhz, 128mb RAM, and fusion.

-- 
--
View the TBUDL archive at http://tbudl.thebat.dutaint.com
To send a message to the list moderation team double click here:
   
To Unsubscribe from TBUDL, double click here and send the message:
   
--

You are subscribed as : archive@jab.org

Re: Buffer overrun vulnerability?

2000-08-03 Thread Marck D. Pearlstone 

Hi W.,

On 03 August 2000 at 10:31:47 GMT -0400 (which was 15:31 where I
live) [EMAIL PROTECTED] wrote and made these points on the subject
of "Buffer overrun vulnerability?":

WNK> Hi-  I  apologize  if this question has been raised before, but I
WNK> couldn't find mention of it when searching the list archives...

WNK> Is The Bat! subject to the same kind of buffer overflow exploit
WNK> to which other email clients are susceptible? (e.g. too long a
WNK> subject line etc...)

I  don't  believe  it  is  at  all.  IMHO  being written in Delphi - a
language  which  uses  dynamic  strings  as  part  of  the fundamental
linguistic  basis  and  not fixed sized buffers like C and C++ - would
take it completely away from that kind of issue anyway.

Anyone else got any other views on this?

-- 
Cheers,
.\\arck

Marck D. Pearlstone, Consultant Software Engineer
Moderator TBUDL / TBBETA
www: http://www.silverstones.com
PGP key: <mailto:[EMAIL PROTECTED]?Body=GET%20MARCKKEY>
*---
| Using The Bat! 1.46 Beta/2 S/N 14F4B4B2
| under Windows 98 4.10 Build 1998  
*---

-- 
--
View the TBUDL archive at http://tbudl.thebat.dutaint.com
To send a message to the list moderation team double click here:
   <mailto:[EMAIL PROTECTED]>
To Unsubscribe from TBUDL, double click here and send the message:
   <mailto:[EMAIL PROTECTED]>
--

You are subscribed as : archive@jab.org

Buffer overrun vulnerability?

2000-08-03 Thread W. Nicholas Knisely 

8/3/2000 at 10:28 AM

Hi- I apologize if this question has been raised before, but I couldn't
find mention of it when searching the list archives...

Is The Bat! subject to the same kind of buffer overflow exploit to which
other email clients are susceptible?  (e.g. too long a subject line
etc...)

Thanks in advance- and a lovely program by the way.

-- 
-Nick+

(The Rev.) W. Nicholas Knisely   [EMAIL PROTECTED]
 Trinity Episcopal Church[EMAIL PROTECTED]
 Bethlehem, PA   www.trinitybeth.org

When in danger or in doubt, run in circles, scream and shout. -Robert Heinlein.

-- 
--
View the TBUDL archive at http://tbudl.thebat.dutaint.com
To send a message to the list moderation team double click here:
   
To Unsubscribe from TBUDL, double click here and send the message:
   
--

You are subscribed as : archive@jab.org