Bugzilla – Attachment 27625 Details for
Bug 64815
VUL-0: CVE-2003-0297: pine integer overflow
Home
|
New
|
Browse
|
Search
|
[?]
|
Reports
|
Requests
|
IDP Log In
|
Forgot Password
[patch]
patch used by redhat
pine-4.44-CAN-2003-0297.patch (text/plain), 808 bytes, created by
Ludwig Nussel
on 2005-01-13 23:35:40 UTC
(
hide
)
Description:
patch used by redhat
Filename:
MIME Type:
Creator:
Ludwig Nussel
Created:
2005-01-13 23:35:40 UTC
Size:
808 bytes
patch
obsolete
>Patch to correct CAN-2003-0297 which could allow a remote malicious IMAP >server to crash Pine by sending a large literal which causes an integer >overflow. Patch taken from fix in imap-2002c > >--- pine4.44/imap/src/c-client/imap4r1.c.orig Fri Dec 3 05:42:27 2004 >+++ pine4.44/imap/src/c-client/imap4r1.c Fri Dec 3 05:44:03 2004 >@@ -3896,7 +3896,12 @@ > > case '{': /* if literal string */ > /* get size of string */ >- i = strtoul (*txtptr,txtptr,10); >+ if ((i = strtoul (*txtptr,txtptr,10)) > 0x7fffffff) { >+ sprintf (LOCAL->tmp,"Absurd server literal length %lu",i); >+ mm_log (LOCAL->tmp,WARN); >+ if (len) *len = i; >+ break; >+ } > if (len) *len = i; /* set return value */ > if (md && mg) { /* have special routine to slurp string? */ > if (md->first) { /* partial fetch? */
<b>You cannot view the attachment while viewing its details because your browser does not support IFRAMEs. <a href="attachment.cgi?id=27625">View the attachment on a separate page</a>.</b>
Actions:
View
|
Diff
Attachments on
bug 64815
: 27625