Re: [exim-dev] exim_dbmbuild buffer overflow

Author: Tim Jackson
Date:  
To: exim-dev
Subject: Re: [exim-dev] exim_dbmbuild buffer overflow
Tom Kistner wrote:
> Tim Jackson wrote:


[user data in filenames]
>> e.g. /path/to/virtual_aliases/example.com
>> where the data in those files might be eligible for dbmbuild'ing.
>
> Just hope they don't call their domain ../../../etc/passwd :)


Sure, that's why I mentioned "whitelist filtering" :)

The point here though is that even whitelist filtering wouldn't stop the
buffer overflow. Allowing domains that are 5000 chars long is probably
not strictly necessary, but you can see how someone could plausibly
forget to check for length even if they are being diligent about only
allowing a-z0-9.-, no double dots etc.

Tim
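
The point of the message above, as an added example (not part of the thread and not Exim code): a character whitelist alone accepts a 5000-character domain, so the length bound is a separate check, and path construction treats truncation as failure. The function names and the 253-character limit are assumptions made for this illustration.

```c
#include <stdio.h>
#include <string.h>

#define MAX_DOMAIN_LEN 253  /* assumed policy: DNS limit for a textual name */

/* Whitelist only: a-z0-9.- with no empty labels (no leading dot, no "..").
   This is the diligent-but-incomplete check: it says nothing about length. */
int charset_ok(const char *d)
{
    size_t label = 0;
    if (*d == '\0')
        return 0;
    for (; *d; d++) {
        if (*d == '.') {
            if (label == 0)
                return 0;
            label = 0;
        } else if ((*d >= 'a' && *d <= 'z') || (*d >= '0' && *d <= '9') || *d == '-') {
            label++;
        } else {
            return 0;   /* '/' and anything else off the list */
        }
    }
    return label != 0;  /* no trailing dot */
}

/* Whitelist plus an explicit length bound. */
int domain_ok(const char *d)
{
    return strlen(d) <= MAX_DOMAIN_LEN && charset_ok(d);
}

/* Builds "<dir>/<domain>" in out; -1 if rejected or if the result would be truncated. */
int build_alias_path(char *out, size_t outsz, const char *dir, const char *domain)
{
    if (!domain_ok(domain))
        return -1;
    int n = snprintf(out, outsz, "%s/%s", dir, domain);
    return (n < 0 || (size_t)n >= outsz) ? -1 : 0;
}

int main(void)
{
    char path[512], longdom[5001];
    memset(longdom, 'a', 5000); longdom[5000] = '\0';  /* constructed input */
    printf("whitelist only: %d, with length: %d\n", charset_ok(longdom), domain_ok(longdom));
    printf("%d %s\n", build_alias_path(path, sizeof path, "/path/to/virtual_aliases", "example.com"), path);
    return 0;
}
```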