Re: [exim-dev] exim_dbmbuild buffer overflow

Author: Tim Jackson
Date:  
To: exim-dev
Subject: Re: [exim-dev] exim_dbmbuild buffer overflow
Tom Kistner wrote:
> Tim Jackson wrote:


[user data in filenames]
>> e.g. /path/to/virtual_aliases/example.com
>> where the data in those files might be eligible for dbmbuild'ing.
>
> Just hope they don't call their domain ../../../etc/passwd :)


Sure, that's why I mentioned "whitelist filtering" :)

The point here though is that even whitelist filtering wouldn't stop the
buffer overflow. Allowing domains that are 5000 chars long is probably
not strictly necessary, but you can see how someone could plausibly
forget to check for length even if they are being diligent about only
allowing a-z0-9.-, no double dots etc.

Tim
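
The point of this message, as an added example that is not part of the original post and is not Exim code: a character whitelist alone accepts a 5000-character name, so the length has to be bounded as a separate check. The function names are hypothetical, and the limits (253 characters per name, 63 per label, the DNS text-form caps) are an assumption, not something stated in the thread.

```c
#include <stdio.h>
#include <string.h>

/* Assumed limits, not from the thread: DNS text-form name and label caps. */
#define MAX_DOMAIN_LEN 253
#define MAX_LABEL_LEN  63

/* Character whitelist only: a-z 0-9 . - and no empty labels (so no ".."). */
static int charset_ok(const char *s)
{
    size_t i;
    if (s[0] == '\0' || s[0] == '.') return 0;
    for (i = 0; s[i] != '\0'; i++) {
        char c = s[i];
        int alnum = (c >= 'a' && c <= 'z') || (c >= '0' && c <= '9');
        if ((!alnum && c != '.' && c != '-') || (c == '.' && s[i + 1] == '.'))
            return 0;
    }
    return s[i - 1] != '.';
}

/* Whitelist plus length bounds, checked before the name reaches any buffer. */
int domain_ok(const char *s)
{
    size_t label = 0, total = 0;
    if (!charset_ok(s)) return 0;
    for (; *s != '\0'; s++) {
        label = (*s == '.') ? 0 : label + 1;
        if (label > MAX_LABEL_LEN || ++total > MAX_DOMAIN_LEN)
            return 0;
    }
    return 1;
}

/* Constructed sample: a 5000-character name made only of 'a'. */
int check_long_name(int with_length_check)
{
    static char name[5001];
    memset(name, 'a', 5000);
    name[5000] = '\0';
    return with_length_check ? domain_ok(name) : charset_ok(name);
}

int main(void)
{
    printf("charset only: %d, with length: %d\n",
           check_long_name(0), check_long_name(1));
    return 0;
}
```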