[pkg-fetchmail-maint] Bug#343836: Security: DoS attack possible - crashes on empty message
Martin Schulze
joey at infodrom.org
Wed Dec 21 21:03:43 UTC 2005
Matthias Andree wrote:
> Martin Schulze wrote:
>
> > The patch does not apply though, since xfree() is unknown in version 6.2.5.
> > I assume that the xfree only frees the memory when it is not NULL and sets
> > the variable to NULL again, so the attached patch should do the same and apply
> > to the version in Debian sarge/etch/sid.
>
> Whoops, my apologies. Your assumptions are right, we are using this macro,
> which is part of fetchmail 6.2.5.5's transact.c:
>
> #define xfree(p) { if (p) { free(p); (p) = 0; } }

Thanks.

> It is perhaps easier to advance to fetchmail 6.2.5.5. The number of changes
> is low, and all changes either add documentation or fix important bugs.

For sid yes. For once released Debian versions this is not an option.

Regards,
Joey
--
Long noun chains don't automatically imply security. -- Bruce Schneier
Please always Cc to me when replying to me on the lists.
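
The xfree() semantics confirmed in the exchange above, shown as an added example that is not part of the original message or of fetchmail's code. The macro is copied from the quoted line; `struct msg_state`, `set_field`, `reset_state` and `demo` are hypothetical names, and the sample strings are constructed.

```c
#include <stdlib.h>
#include <string.h>

/* Macro as quoted in the thread (fetchmail 6.2.5.5, transact.c).
 * It expands to a braced block, so "if (c) xfree(p); else ..." does not
 * compile; put braces around the call in that position. */
#define xfree(p) { if (p) { free(p); (p) = 0; } }

/* Hypothetical per-message state, not fetchmail's real structure. */
struct msg_state {
    char *headers;   /* stays NULL when the message carried no headers */
    char *envelope;
};

/* Store a copy of s in *slot, releasing whatever the slot held before. */
static int set_field(char **slot, const char *s)
{
    xfree(*slot);
    if (s == NULL || *s == '\0')
        return 0;                 /* empty input: slot is left NULL */
    *slot = malloc(strlen(s) + 1);
    if (*slot == NULL)
        return -1;
    strcpy(*slot, s);
    return 0;
}

/* Cleanup that is safe on never-filled state and safe to call twice. */
static void reset_state(struct msg_state *m)
{
    xfree(m->headers);
    xfree(m->envelope);
}

/* Returns 1 if an empty message followed by a normal one, with a
 * repeated cleanup, leaves every pointer NULL and nothing freed twice. */
int demo(void)
{
    struct msg_state m = { NULL, NULL };
    if (set_field(&m.headers, "") != 0) return 0;        /* empty message */
    reset_state(&m);                                     /* nothing to free */
    if (set_field(&m.headers, "Subject: test\r\n") != 0) return 0;
    if (m.headers == NULL) return 0;
    reset_state(&m);
    reset_state(&m);              /* no-op: pointers were reset to NULL */
    return m.headers == NULL && m.envelope == NULL;
}
```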