From: Paul L. <pa...@sq...> - 2012-08-13 00:40:42

Hi Tim,

> I maintain the IMAP Proxy package in EPEL[1], and I was prompted to look at a
> patch guarding against a possible buffer overflow that is checked into the
> source tree, but has not yet made it into a release:
>
> http://squirrelmail.svn.sourceforge.net/viewvc/squirrelmail/trunk/imap_proxy/src/request.c?r1=14069&r2=14071
>
> Is this just a crash bug or does it have security implications?

I don't know as there are any real world implications of this issue - it's just one of correct semantics. That is, the size given is much larger than what was allocated, however, the static string being assigned is also significantly within the allocated memory. The commit comments are probably misleading. Again, there was no bug here. The change just clarifies the code so no one makes a mistake about the size of that variable in the future.

> Looking at the ChangeLog, I see that there are also quite a few improvements
> that have been made over time since the l.2.7 release. Are there any plans for
> a new release?

Yes, it's on the radar, but we're not yet at the point where we can commit to a firm ETA.

--
Paul Lesniewski
SquirrelMail Team
Please support Open Source Software by donating to SquirrelMail!
http://squirrelmail.org/donate_paul_lesniewski.php