From mboxrd@z Thu Jan 1 00:00:00 1970 Path: news.gmane.org!not-for-mail From: Nico Golde Newsgroups: gmane.emacs.devel Subject: Re: [nico@ngolde.de: some code issues] Date: Thu, 10 Jan 2008 16:35:46 +0100 Message-ID: <20080110153546.GB31176@ngolde.de> References: <87tzllzonn.fsf@stupidchicken.com> NNTP-Posting-Host: lo.gmane.org Mime-Version: 1.0 Content-Type: multipart/mixed; boundary="===============0129685316==" X-Trace: ger.gmane.org 1199983204 16508 80.91.229.12 (10 Jan 2008 16:40:04 GMT) X-Complaints-To: usenet@ger.gmane.org NNTP-Posting-Date: Thu, 10 Jan 2008 16:40:04 +0000 (UTC) Cc: rms@gnu.org, emacs-devel@gnu.org To: Chong Yidong Original-X-From: emacs-devel-bounces+ged-emacs-devel=m.gmane.org@gnu.org Thu Jan 10 17:40:22 2008 Return-path: Envelope-to: ged-emacs-devel@m.gmane.org Original-Received: from lists.gnu.org ([199.232.76.165]) by lo.gmane.org with esmtp (Exim 4.50) id 1JD0Rx-0004M4-TH for ged-emacs-devel@m.gmane.org; Thu, 10 Jan 2008 17:40:14 +0100 Original-Received: from localhost ([127.0.0.1] helo=lists.gnu.org) by lists.gnu.org with esmtp (Exim 4.43) id 1JD0Ra-0006Ni-Ex for ged-emacs-devel@m.gmane.org; Thu, 10 Jan 2008 11:39:50 -0500 Original-Received: from mailman by lists.gnu.org with tmda-scanned (Exim 4.43) id 1JCzRc-0001VH-Go for emacs-devel@gnu.org; Thu, 10 Jan 2008 10:35:48 -0500 Original-Received: from exim by lists.gnu.org with spam-scanned (Exim 4.43) id 1JCzRb-0001U5-8K for emacs-devel@gnu.org; Thu, 10 Jan 2008 10:35:47 -0500 Original-Received: from [199.232.76.173] (helo=monty-python.gnu.org) by lists.gnu.org with esmtp (Exim 4.43) id 1JCzRa-0001Tz-Td for emacs-devel@gnu.org; Thu, 10 Jan 2008 10:35:46 -0500 Original-Received: from mo-p00-ob.rzone.de ([81.169.146.161]) by monty-python.gnu.org with esmtp (Exim 4.60) (envelope-from ) id 1JCzRU-0000tG-L8; Thu, 10 Jan 2008 10:35:41 -0500 X-RZG-CLASS-ID: mo00 X-RZG-AUTH: hvKiKtSHbeE0ghP2VIXOfz9FbKPIjAFDNRMtknfPuvqS60u3mcM1eRXD31fcOw== Original-Received: from ngolde.de (e178069024.adsl.alicedsl.de [85.178.69.24]) by post.webmailer.de (mrclete mo28) (RZmta 15.1) with ESMTP id 301272k0AEZSrs ; Thu, 10 Jan 2008 16:35:36 +0100 (MET) (envelope-from: ) Original-Received: by ngolde.de (Postfix, from userid 1000) id 456D63EE5B; Thu, 10 Jan 2008 16:35:46 +0100 (CET) In-Reply-To: <87tzllzonn.fsf@stupidchicken.com> X-Mailer: netcat 1.10 X-GPG: 0x73647cff X-detected-kernel: by monty-python.gnu.org: Solaris 10 (beta) X-Mailman-Approved-At: Thu, 10 Jan 2008 11:38:38 -0500 X-BeenThere: emacs-devel@gnu.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "Emacs development discussions." List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Original-Sender: emacs-devel-bounces+ged-emacs-devel=m.gmane.org@gnu.org Errors-To: emacs-devel-bounces+ged-emacs-devel=m.gmane.org@gnu.org Xref: news.gmane.org gmane.emacs.devel:86708 Archived-At: --===============0129685316== Content-Type: multipart/signed; micalg=pgp-sha1; protocol="application/pgp-signature"; boundary="WhfpMioaduB5tiZL" Content-Disposition: inline --WhfpMioaduB5tiZL Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable Hi Chong, * Chong Yidong [2008-01-10 16:29]: > > I had a quick look at the pop.c code today and found some > > issues. > > > > In pop_stat: > > > > If I don't miss anything the atoi call in 380 is not save as it is not > > save because it is not ensure that &fromserver[4] is not NULL. A crafted > > pop3 server could thus crash emacs. This is of course not a real issue = but > > wouldn't be nice. Same for the pop_last function. > > > > In pop_list: > > > > in 441 and 442 there should be some check for how_many to prevent an in= teger > > overflow here. >=20 > Fixed. Thanks for pointing these out. What do you think about requesting a CVE id for this? Kind regards Nico --=20 Nico Golde - http://www.ngolde.de - nion@jabber.ccc.de - GPG: 0x73647CFF For security reasons, all text in this mail is double-rot13 encrypted. --WhfpMioaduB5tiZL Content-Type: application/pgp-signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.6 (GNU/Linux) iD8DBQFHhjtSHYflSXNkfP8RAooKAJ9P6OilA9fmneDtEEp1U97RFI5ZKgCeMiyY RVJ4eD/hg6fFytNStM2yoTA= =eHGd -----END PGP SIGNATURE----- --WhfpMioaduB5tiZL-- --===============0129685316== Content-Type: text/plain; charset="us-ascii" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit Content-Disposition: inline _______________________________________________ Emacs-devel mailing list Emacs-devel@gnu.org http://lists.gnu.org/mailman/listinfo/emacs-devel --===============0129685316==--