In message <_A574@delegate-en.ML_>
on 09/02/99(21:08:36) you Fritz Thomas <phybabdyi-qghxypm7cja6.ml@delegate.org> wrote:
 |We did a security-scan on a box running delegated as an pop-proxy, and we
 |detected a buffer overflow, when the input-string exceeded 256 Bytes.
 |The attached "quick'n'dirty" patch is our workaround for the moment.
 |If a more experienced programmer fixes this problem in a better way, please
 |let us know.

In complete revision for DeleGate/6.X which will be (maybe) released
in this month, "pop.c" also has been modified at several point,
including replacement of wordscan(str,buf) by wordscan(str,buf,size)
which will be safer.  The problem you pointed also will be fixed in
the version. I enclosed a patche which might be the minimum solution
for the problem in the meantime.

　　　　　　　 　　　        @ @　　
┬─┐─┬─┌   ／／\^^   ( - )  <URL:http://www.etl.go.jp/~ysato/>
├─　　│　│ ／　876m\  _<   >_ <URL:http://www.delegate.org/delegate/>
┴──　┴　┴──────────────────────────────┘

diff -c ../../delegate5.9.3/src/pop.c ./pop.c
*** ../../delegate5.9.3/src/pop.c	Tue Jun 15 13:43:16 1999
--- ./pop.c	Sat Sep  4 05:24:30 1999
***************
*** 417,423 ****
  	char *auser,*epass,*seed;
  	char *nextUSER;
  	char *resp;
! {	char *dp,userhost[256],user[256],hostport[256],host[256],tmp[1024];
  	char *opts;
  	int port;
  
--- 417,423 ----
  	char *auser,*epass,*seed;
  	char *nextUSER;
  	char *resp;
! {	char *dp,userhost[1024],user[1024],hostport[1024],host[1024],tmp[1024];
  	char *opts;
  	int port;
  
diff -c ../../delegate5.9.3/src/url.c ./url.c
*** ../../delegate5.9.3/src/url.c	Thu Jun  3 14:20:17 1999
--- ./url.c	Sat Sep  4 05:05:13 1999
***************
*** 721,727 ****
--- 721,731 ----
  
  	p = proto;
  	for( up = url; isSchemeChar(ch = *up); up++ )
+ 	{
+ 		if( 32 <= p - proto )
+ 			break;
  		*p++ = ch;
+ 	}
  	*p = 0;
  
  	if( up[0] == ':' ){