hotsmtpd not checking input
Brought to you by:
courierdave
The hotsmtp functions like auth_cmd don't seem to be
checking that argc is long enough before indexing argv.
So simply giving a short number of arguments causes
the service to segfault and die.
Example:
$ echo -e "HELO foo.com\nAUTH foo" | ./hotsmtpd
220 eschew SMTP hotsmtpd v0.8. ESMTP-HTTPMail Gateway
based on hotwayd.
250-foo.com Pleased to meet you
segmentation fault
Logged In: YES
user_id=569736
That's exactly right and it has been fixed in the CVS. I
also added checks to mail_cmd and rcpt_cmd.
Thanks for the bug report.
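The class of fix described above, as an added example (not hotsmtpd's own code and not part of the original thread): a dispatcher that enforces a per-command minimum argc in one place, so no handler can index past the end of argv. The handler bodies, the command table, the minimum argument counts and the reply codes are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

#define MAX_ARGS 8
static const char WS[] = " \t\r\n";

/* Hypothetical handlers: each reads argv only below its min_argc. */
static int helo_cmd(int argc, char **argv) { (void)argc; (void)argv; return 250; }
static int mail_cmd(int argc, char **argv) { (void)argc; return strncmp(argv[1], "FROM:", 5) ? 501 : 250; }
static int rcpt_cmd(int argc, char **argv) { (void)argc; return strncmp(argv[1], "TO:", 3) ? 501 : 250; }
static int auth_cmd(int argc, char **argv) {
    (void)argc;  /* argv[2] is valid only because dispatch() saw argc >= 3 */
    return (strcmp(argv[1], "PLAIN") == 0 && argv[2][0] != '\0') ? 235 : 504;
}

static const struct command {
    const char *name;
    int min_argc;                      /* counts the command word itself */
    int (*handler)(int argc, char **argv);
} commands[] = {
    { "HELO", 2, helo_cmd }, { "AUTH", 3, auth_cmd },
    { "MAIL", 2, mail_cmd }, { "RCPT", 2, rcpt_cmd },
};

/* Split line in place on whitespace, storing at most max pointers. */
static int split_args(char *line, char **argv, int max) {
    int argc = 0;
    char *p = line + strspn(line, WS);
    while (*p != '\0' && argc < max) {
        argv[argc++] = p;
        p += strcspn(p, WS);
        if (*p != '\0') *p++ = '\0';
        p += strspn(p, WS);
    }
    return argc;
}

/* SMTP reply code for one line; a handler never runs with too few arguments. */
int dispatch(const char *input) {
    char line[512], *argv[MAX_ARGS];
    if (strlen(input) >= sizeof line) return 500;   /* over-long line */
    strcpy(line, input);
    int argc = split_args(line, argv, MAX_ARGS);
    for (size_t i = 0; argc > 0 && i < sizeof commands / sizeof commands[0]; i++)
        if (strcmp(argv[0], commands[i].name) == 0)
            return argc < commands[i].min_argc ? 501 : commands[i].handler(argc, argv);
    return 500;                                     /* empty or unknown command */
}

int main(void) { printf("%d %d\n", dispatch("HELO foo.com"), dispatch("AUTH foo")); return 0; }
```

With the input from the report, "AUTH foo" is answered with a 501 syntax error instead of reaching the handler.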
Logged In: YES
user_id=222090
I'm packaging hotsmtp for Debian; would you say I should
package the version currently in CVS, apply the changes from
CVS to your original package as part of the Debian patches,
just package the official version, or wait for a new release?
Logged In: YES
user_id=569736
Depends how urgent it is. v1.6 in CVS is the most up to date.
If it needs to be done very soon then I would use that.
I would like to put out a new version of the hotwayd package
soon though, within the next few weeks as 0.8 has a nasty
habit of corrupting downloaded messages due to my shoddy
memory allocation in grow_and_copy() plus a few other bugs.
I'm just waiting to get time to work on a few of the
problems which exist but I might just save them for the future..