Buffer overflow bug in libESMTP

Hi all,

A potential buffer overflow in libESMTP exists which could allow a malicious 
SMTP server to overrun the stack and attack the client application.  Basically 
a multiline SMTP response where the accumulated text exceeds 4Kb will overrun 
the stack.  AFAIK, the attack is not possible unless each line of the response 
is less than 1024 bytes long.

I have updated the code to avoid this possibility.  For those who wish to try 
out the updated code I have uploaded a 0.8.11 tarball (I will create the patch 
file when I announce this "oficially").  The URL is 
<http://www.stafford.uklinux.net/libesmtp/libesmtp-0.8.11.tar.bz2>  For now 
any feedback is appreciated.

This release also fixes a build problem in the NTLM auth code where systems 
without stdint.h could not compile ntlmstruct.c.

Brian Stafford.

[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]