[comp.sources.bugs] bug & patch in unix pop2 server

klamer@mi.eltn.utwente.nl (Klamer Schutte -- Universiteit Twente) (02/22/91)

With the pop2 server as supplied with the LifeLine mail program (part of
pc-nfs) it is possible to read (and delete) a random mailbox on the server.

The bug is that one can connect (with helo) without a passwd. The idea was that
this only should be used to detect the presence of mail; but with a following
fold command one can read any mailbox on the server. My fix is to go back
to the initial state (state 0) after the mail check.

To fix this bug, apply the patch below.

Klamer (.signature at end)

PS note that also several return 0; statements need to be added at the end of
   some functions. lint(1) should help!

--- cut here ---
*** popd.c.orig	Thu Dec 20 15:45:38 1990
--- popd.c	Fri Feb 22 14:37:44 1991
***************
*** 192,198 ****
  
  	strcpy (line, "+ POP2 Unix Server on ");
  	gethostname(&line[strlen(line)], 1024-strlen(line));
! 	strcat (line, "\r\n");
  
  	if (debug) setbuf (stdout, NULL);
  
--- 192,198 ----
  
  	strcpy (line, "+ POP2 Unix Server on ");
  	gethostname(&line[strlen(line)], 1024-strlen(line));
! 	strcat (line, " (KS 22/2/91)\r\n");
  
  	if (debug) setbuf (stdout, NULL);
  
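Review bot: the changed strcat line now appends 15 characters plus the terminator where the old one appended 2, but the gethostname call just above it is still handed all of the remaining space (1024-strlen(line)). If line is the 1024 bytes that length argument implies, a long host name leaves no room for the suffix, and a truncated name may not be NUL-terminated at all. Pass gethostname a length that reserves room for the suffix and terminate the buffer explicitly before the strcat. Separately, a patch tag in the greeting tells every client which build is running; a source comment or a log line would record the same thing.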
***************
*** 281,288 ****
  				    if (check_user(myargv[1], myargv[2])) 
  					return (-1);
  				    msg_cnt = openit(mailbox);
! 				} else
  				    msg_cnt = checkit(mailbox);
  				sprintf (line, "#%d\r\n",msg_cnt);
  				net_out (line);
  				break;
--- 281,291 ----
  				    if (check_user(myargv[1], myargv[2])) 
  					return (-1);
  				    msg_cnt = openit(mailbox);
! 				} else {
  				    msg_cnt = checkit(mailbox);
+ 		/* no passwd, so only helo and quit are allowed -- KS 22/2/91 */
+ 				    next_state = 0;
+ 				}
  				sprintf (line, "#%d\r\n",msg_cnt);
  				net_out (line);
  				break;
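Review bot: in the new else branch, next_state = 0 only closes the hole if state 0 really refuses everything except helo and quit, as the added comment says, and that dispatch code is not part of this hunk. It is worth confirming that fold and the read commands are rejected in state 0. The "#%d" reply is also identical in both branches, so a client cannot tell that the session stayed unauthenticated; a note in the documentation that a passwordless helo must be followed by a full helo would help. The added comment is indented differently from the code it describes.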
-- 
Klamer Schutte
Faculty of electrical engineering -- University of Twente, The Netherlands
klamer@mi.eltn.utwente.nl	{backbone}!mcsun!mi.eltn.utwente.nl!klamer
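
The state handling described in the post, as an added example that is not part of the original post and is not popd.c code: a simplified model in which a passwordless helo either advances to a mailbox state (original behaviour) or stays in state 0 (patched). The state names other than state 0, the argument-count test, check_user_stub() and the sample sessions are assumptions constructed for illustration.

```c
#include <stdio.h>
#include <string.h>

enum { ST_CLOSED = -1, ST_INITIAL = 0, ST_MAILBOX = 1 };
struct cmd { int argc; const char *argv[3]; };

/* Constructed stand-in for check_user(): 0 on success, nonzero on failure. */
static int check_user_stub(const char *user, const char *pw)
{
    return !(strcmp(user, "alice") == 0 && strcmp(pw, "s3cret") == 0);
}

/* One command. fixed=0 models the original server, fixed=1 the patched one. */
static int step(int state, const struct cmd *c, int fixed, int *opened)
{
    if (strcmp(c->argv[0], "quit") == 0)
        return ST_CLOSED;
    if (state == ST_INITIAL) {            /* only helo and quit allowed here */
        if (strcmp(c->argv[0], "helo") != 0 || c->argc < 2)
            return ST_CLOSED;
        if (c->argc == 3)                 /* helo user passwd */
            return check_user_stub(c->argv[1], c->argv[2]) ? ST_CLOSED : ST_MAILBOX;
        return fixed ? ST_INITIAL : ST_MAILBOX;   /* mail check only */
    }
    if (strcmp(c->argv[0], "fold") == 0 && c->argc == 2) {
        *opened = 1;                      /* a mailbox was opened for reading */
        return ST_MAILBOX;
    }
    return ST_CLOSED;
}

/* Replays a session; returns 1 if any fold command opened a mailbox. */
static int run_session(const struct cmd *cmds, int n, int fixed)
{
    int state = ST_INITIAL, opened = 0, i;
    for (i = 0; i < n && state != ST_CLOSED; i++)
        state = step(state, &cmds[i], fixed, &opened);
    return opened;
}

/* Constructed sessions: mail check then fold, and a full login then fold. */
static const struct cmd NO_PASSWD[] = { {2, {"helo", "alice"}}, {2, {"fold", "other-mailbox"}} };
static const struct cmd WITH_PASSWD[] = { {3, {"helo", "alice", "s3cret"}}, {2, {"fold", "own-mailbox"}} };
static const struct cmd BAD_PASSWD[] = { {3, {"helo", "alice", "wrong"}}, {2, {"fold", "own-mailbox"}} };

int main(void)
{
    printf("no passwd, original: %d\n", run_session(NO_PASSWD, 2, 0));
    printf("no passwd, patched:  %d\n", run_session(NO_PASSWD, 2, 1));
    return 0;
}
```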