Re: Buffer overrun vulnerability?

2000-08-04 Thread Gold Gaurami

Hello W. and everyone else...

WNK Is The Bat! subject to the same kind of buffer overflow exploit to which
WNK other email clients are susceptible?  (e.g. too long a subject line
WNK etc...)

Well, I don't know how long "too long" is... But I just sent myself a
mail from a command-line mailer with a subject 32,748 bytes long, and
TB receives and displays it just fine. Well, pretty much. For some
reason, the string "Length=97" was appended to the end of the subject
string. Curious.

I originally wanted to send a subject somewhere around 85k but my
ISP's STMP server wouldn't let a message with headers  32k be sent!

--
Gold Gauramimailto:[EMAIL PROTECTED]

Atheism: A Non-Prophet Organization

   //Flying high with The Bat! v1.46 Beta/2
   //Over the land of Win98 v4.10 build 1998
   //Fueled by an AMD K6-2 400mhz, 128mb RAM, and fusion.

-- 
--
View the TBUDL archive at http://tbudl.thebat.dutaint.com
To send a message to the list moderation team double click here:
   mailto:[EMAIL PROTECTED]
To Unsubscribe from TBUDL, double click here and send the message:
   mailto:[EMAIL PROTECTED]
--

You are subscribed as : archive@jab.org





Re: Buffer overrun vulnerability?

2000-08-04 Thread Steve Lamb

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Friday, August 04, 2000, 12:43:54 AM, Gold wrote:
 mail from a command-line mailer with a subject 32,748 bytes long, and
 TB receives and displays it just fine. Well, pretty much. For some
 reason, the string "Length=97" was appended to the end of the subject
 string. Curious.

32768 = 32k.  A line needs a LF, as a minimum, to demark the next line.
No room for the newline, the next header is appended to the same line.  :)


- --
 Steve C. Lamb | I'm your priest, I'm your shrink, I'm your
 ICQ: 5107343  | main connection to the switchboard of souls.
- ---+-

-BEGIN PGP SIGNATURE-
Version: PGP 6.5i

iQA/AwUBOYqCd3pf7K2LbpnFEQI9vQCfRaJWgCOTHwrJ8jtM4WX4IBeAsWwAoPjy
ClcK9T+Dtl2QfuUdI3SN+aVi
=oV/D
-END PGP SIGNATURE-

-- 
--
View the TBUDL archive at http://tbudl.thebat.dutaint.com
To send a message to the list moderation team double click here:
   mailto:[EMAIL PROTECTED]
To Unsubscribe from TBUDL, double click here and send the message:
   mailto:[EMAIL PROTECTED]
--

You are subscribed as : archive@jab.org





Re: Buffer overrun vulnerability?

2000-08-03 Thread Marck D. Pearlstone

Hi W.,

On 03 August 2000 at 10:31:47 GMT -0400 (which was 15:31 where I
live) [EMAIL PROTECTED] wrote and made these points on the subject
of "Buffer overrun vulnerability?":

WNK Hi-  I  apologize  if this question has been raised before, but I
WNK couldn't find mention of it when searching the list archives...

WNK Is The Bat! subject to the same kind of buffer overflow exploit
WNK to which other email clients are susceptible? (e.g. too long a
WNK subject line etc...)

I  don't  believe  it  is  at  all.  IMHO  being written in Delphi - a
language  which  uses  dynamic  strings  as  part  of  the fundamental
linguistic  basis  and  not fixed sized buffers like C and C++ - would
take it completely away from that kind of issue anyway.

Anyone else got any other views on this?

-- 
Cheers,
.\\arck

Marck D. Pearlstone, Consultant Software Engineer
Moderator TBUDL / TBBETA
www: http://www.silverstones.com
PGP key: mailto:[EMAIL PROTECTED]?Body=GET%20MARCKKEY
*---
| Using The Bat! 1.46 Beta/2 S/N 14F4B4B2
| under Windows 98 4.10 Build 1998  
*---

-- 
--
View the TBUDL archive at http://tbudl.thebat.dutaint.com
To send a message to the list moderation team double click here:
   mailto:[EMAIL PROTECTED]
To Unsubscribe from TBUDL, double click here and send the message:
   mailto:[EMAIL PROTECTED]
--

You are subscribed as : archive@jab.org