[Mimedefang] Seeing a lot of reaping
David F. Skoll
dfs at roaringpenguin.com
Fri Feb 10 21:31:08 EST 2006
Philip Prindeville wrote:
> FWIW: I didn't see this with 2.54.
That's odd, because the bug was present in 2.54.
The problem is an off-by-one error in the function
set_slave_status_from_command. The patch below should fix it.
Please note that the error is not exploitable for the purpose of executing
arbitrary code; the only effect is that the slave can lose track of
which generation it is, and decide it needs to restart. There's a mild
DoS potential here, so I will be releasing 2.56 soon.
Regards,
David.
--- mimedefang-multiplexor.c-V255 2006-01-18 08:32:07.000000000 -0500
+++ mimedefang-multiplexor.c 2006-02-10 21:27:37.000000000 -0500
@@ -13,7 +13,7 @@
***********************************************************************/
static char const RCSID[] =
-"$Id: mimedefang-multiplexor.c,v 1.237 2006/01/18 13:16:20 dfs Exp $";
+"$Id: mimedefang-multiplexor.c,v 1.238 2006/02/11 02:24:29 dfs Exp $";
#include "config.h"
#include "event_tcp.h"
@@ -1363,7 +1363,7 @@
s->cmd = -1;
}
- while (*ptr && (*ptr != '\n') && len < MAX_STATUS_LEN) {
+ while (*ptr && (*ptr != '\n') && len < MAX_STATUS_LEN - 1) {
char c = *ptr++;
*out++ = c;
len++;
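Review bot: The new bound in the while condition, `len < MAX_STATUS_LEN - 1`, reserves one byte without saying what it is for, and the hunk shows neither the declaration of the buffer behind `out` nor the write that uses the reserved byte, so the fix cannot be confirmed from these lines alone. If the last byte is kept for a terminating NUL, say so in a comment on the loop, or derive the limit from the destination itself (sizeof of the array, minus one) so the loop bound and the buffer size cannot drift apart again. The loop also stops silently once the limit is reached and the rest of the line is dropped; logging the truncation would make overlong status strings visible to the operator.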