Arno Garrels wrote:
> David Colliver wrote:
>> It however does look like it is my side.
> 
> Check your code in OnDataAvailable events.
> A connection should be dropped (may be with an error response)
> if a client attempts to send lines longer than the receive buffer
> size or longer than the maximum allowed line length specified in the
> SMTP which is 1024 bytes.

If you use LineMode TWSocket provides a built-in check since 2000, see
property LineLimit as well as event OnLineLimitExceeded.

--
Arno Garrels [TeamICS]
http://www.overbyte.be/eng/overbyte/teamics.html


> 
> --
> Arno Garrels [TeamICS]
> http://www.overbyte.be/eng/overbyte/teamics.html
> 
> 
>> 
>> Francois, whilst I was writing this, I got your response... I am now
>> looking it it.
>> 
>> Sorry for disturbing you all and thanks again for the help.
>> 
>> Best regards,
>> Dave Colliver.
>> http://www.AshfieldFOCUS.com
>> ~~
>> http://www.FOCUSPortals.com - Local franchises available
>> ----- Original Message -----
>> From: "Piotr Dalek" <[EMAIL PROTECTED]>
>> To: "ICS support mailing" <twsocket@elists.org>
>> Sent: Friday, March 16, 2007 8:57 PM
>> Subject: Re: [twsocket] Buffer overflow in SMTP
>> 
>> 
>>> David Colliver napisal(a):
>>>> Try this
>>>> http://secunia.com/advisories/22559/
>>>> 
>>>> There are two mentions of it. This one for SMTP, the other for the
>>>> POP3.
>>>> 
>>>> The software I developed was a mailserver.
>>> 
>>> Now that's a whole different thing! I don't remember that ICS
>>> has/had any SMTP/POP3 _server_ components, so you're forced to find
>>> a bug on your own.
>>> 
>>>> It has client components and
>>>> server components to handle both sides... One to receive SMTP, the
>>>> other to
>>>> send SMTP, one to receive POP3, the other to send POP3.
>>>> 
>>>> It is the server side that is being exploited.
>>>> 
>>>> This one has more information, including code to exploit it.
>>>> http://www.securityfocus.com/bid/20709
>>>> 
>>>> I am just about to upload a probable fix to my initial server.
>>> 
>>> It seems to be easy one. Just check whether you use some kind of
>>> stack buffer, like this:
>>> 
>>> var
>>>  buffer: array[1..4096] of char
>>> 
>>> or something like
>>> 
>>> var
>>>  buffer: string;
>>> [..]
>>> SetLength(buffer, 4096);
>>> 
>>> and then you use
>>> 
>>> move([source], buffer[1], [any length]);
>>> 
>>> without checking whether [any length]<=4096 or not.
>>> Yes, such mistakes are then taken as a whole great buffer overflows
>>> and extremely critical "system access" and/or "DoS" security
>>> vulnerabilities. ;)
>>> 
>>> Good luck!
>>> 
>>> --
>>> .oooO  /~) (~\  Oooo.  "Programowanie to   |        Piotr Dalek
>>> (   ) / (   ) \ (   ) *najprzyjemniejsza*  |  
>>> [EMAIL PROTECTED]  \ ( (   ) (   ) ) /   rzecz, jaka mozna   |
>>> http://www.hcm.prv.pl/   \_)'oooO Oooo'(_/     robic w ubraniu"   |
>>> 
>>> --------------------------------------------------------------------
>>> - - Jestes kierowca? To poczytaj! >>> http://link.interia.pl/f199e
>>> 
>>> --
>>> To unsubscribe or change your settings for TWSocket mailing list
>>> please goto http://www.elists.org/mailman/listinfo/twsocket
>>> Visit our website at http://www.overbyte.be
-- 
To unsubscribe or change your settings for TWSocket mailing list
please goto http://www.elists.org/mailman/listinfo/twsocket
Visit our website at http://www.overbyte.be

Reply via email to