[fetchmail-devel] [PATCH] A malicious server can crash fetchmail-6.2.5.1
Miloslav Trmac
mitr at redhat.com
Thu Jul 21 19:23:17 CEST 2005
Hello,
The fetchmail patch at
http://download.berlios.de/fetchmail/fetchmail-patch-6.2.5.1.gz
introduces a null pointer dereference when a POP3 server with no UIDL
support returns an empty Message-Id: header.
The attached patch fixes it.
Thanks,
Mirek
-------------- next part --------------
--- fetchmail-6.2.5/pop3.c.crash 2005-07-21 18:09:01.000000000 +0200
+++ fetchmail-6.2.5/pop3.c 2005-07-21 18:09:31.000000000 +0200
@@ -609,6 +609,8 @@
char *p = buf + 11;
p += strspn(p, POSIX_space);
p = strtok(p, POSIX_space);
+ if (p == NULL)
+ p = "";
strlcpy(id, p, idsize);
}
}
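Review bot: The added `if (p == NULL) p = "";` after the strtok() call makes strlcpy() store an empty string in id, so a message whose Message-Id: value is empty or whitespace-only ends up with the same empty id as every other such message. Please confirm that the code consuming id treats "" as "no identifier" rather than as a valid one to compare against. A one-line comment above the check would also help, noting that strtok() returns NULL when nothing but POSIX_space characters follow the header name, since that is the server-controlled case this guards against.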