aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rw-r--r--Makefile.in2
-rw-r--r--NEWS2
-rw-r--r--driver.c14
-rwxr-xr-xindexgen.sh3
4 files changed, 18 insertions, 3 deletions
diff --git a/Makefile.in b/Makefile.in
index 44f44d10..36cc4cd4 100644
--- a/Makefile.in
+++ b/Makefile.in
@@ -4,7 +4,7 @@
# So just uncomment all the lines marked QNX.
PACKAGE = fetchmail
-VERSION = 5.9.9
+VERSION = 5.9.10
# Ultrix 2.2 make doesn't expand the value of VPATH.
srcdir = @srcdir@
diff --git a/NEWS b/NEWS
index 4fcdbc1d..a3ae291d 100644
--- a/NEWS
+++ b/NEWS
@@ -2,6 +2,8 @@
(The `lines' figures total .c, .h, .l, and .y files under version control.)
+* Security fix: don't trust the message count passed back by the server.
+
fetchmail-5.9.9 (Sat Mar 9 08:54:28 EST 2002), 21508 lines:
* Renamed misnamed tr.po and da.po files
diff --git a/driver.c b/driver.c
index 56c37a73..a94c2445 100644
--- a/driver.c
+++ b/driver.c
@@ -15,6 +15,7 @@
#endif /* HAVE_MEMORY_H */
#if defined(STDC_HEADERS)
#include <stdlib.h>
+#include <limits.h>
#endif
#if defined(HAVE_UNISTD_H)
#include <unistd.h>
@@ -1301,6 +1302,19 @@ is restored."));
*/
force_retrieval = !peek_capable && (ctl->errcount > 0);
+ /*
+ * Don't trust the message count passed by the server.
+ * Without this check, it might be possible to do a
+ * DNS-spoofing attack that would pass back a ridiculous
+ * count, and allocate a malloc area that would overlap
+ * a portion of the stack.
+ */
+ if (count > INT_MAX/sizeof(int))
+ {
+ report(stderr, "bogus message count!");
+ return(PS_PROTOCOL);
+ }
+
/* OK, we're going to gather size info next */
xalloca(msgsizes, int *, sizeof(int) * count);
xalloca(msgcodes, int *, sizeof(int) * count);
diff --git a/indexgen.sh b/indexgen.sh
index 8880dbf9..8dc25195 100755
--- a/indexgen.sh
+++ b/indexgen.sh
@@ -364,8 +364,7 @@ ftp://ftp.win.ne.jp/pub/network/mail/fetchmail</a>.
<P>Fetchmail was DaveCentral's Best Of Linux winner for
<a href="http://linux.davecentral.com/bol_19990630.html">June 30 1999</a>.
-<P>Fetchmail was a five-star Editor's Pick at
-<a href="http://www.softlandindia.com/Linux/EmailClients.htm">Softlandindia</a>
+<P>Fetchmail was a five-star Editor's Pick at Softlandindia.
<HR>
<table width="100%" cellpadding=0><tr>