Thread: TCP/IP Socket

  1. #1
    ‡ †hë Ö†hÈr sîÐè ‡ Nor's Avatar
    Join Date
    Nov 2001
    Posts
    299

    TCP/IP Socket

    I posted this on the c++ board and no one responded.
    So I'll move it here and hope for the best.

    I'm in the final stages of development on a mail server. I have found a security exploit. When the mail box is accessed using its POP3 server there is a buffer which can be overloaded.

    How would I design a check for the buffer on the TCP/IP level?

    BTW, it is for Win9x/NT4/Me/2k/XP.
    Try to help all less knowledgeable than yourself, within
    the limits provided by time, complexity and tolerance.
    - Nor

  2. #2
    The Artful Lurker Deckard's Avatar
    Join Date
    Jan 2002
    Posts
    633

    Re: TCP/IP Socket

    Originally posted by Nor
    When the mail box is accessed using its pop3 server there is a buffer which can be overloaded.
    How would I design a check for the buffer on the TCP/IP level?
    Just in case I missed it, here's how I interpret your message: you are aware of a buffer overflow vulnerability in an application, and you want to see if it can be exploited remotely.

    Since you didn't provide any details, I can only offer some generalized advice. Become familiar with what the buffer is for and under what circumstances it is actually used. Then ask yourself if you have a means of providing the data that buffer is populated with.

    Perhaps you can hit the buffer directly: some portion of your POP3 message is copied directly to the buffer. You can overflow it and try to insert instructions or simply blow away enough of the app in memory that it crashes.

    Since you are using Windows, you probably won't get much more than generic 'buffer overflow' advice here on the Linux forum.

    Good luck.
    Jason Deckard

  3. #3
    ‡ †hë Ö†hÈr sîÐè ‡ Nor's Avatar
    Join Date
    Nov 2001
    Posts
    299
    I'm sorry. I do not wish to exploit it. This is for one of my projects and I need to find a way to fix it.
    Try to help all less knowledgeable than yourself, within
    the limits provided by time, complexity and tolerance.
    - Nor

  4. #4
    The Artful Lurker Deckard's Avatar
    Join Date
    Jan 2002
    Posts
    633
    Originally posted by Nor
    I need to find a way to fix it.
    Find a means of limiting the amount of data you place into a buffer, so that you never place more than the buffer can hold. If the buffer is a character array, consider using strncpy() instead of strcpy(). If you need more help, tell us what kind of data the buffer is meant to hold.
    Jason Deckard
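
The bounded copy suggested in post #4, as an added example that is not part of the original thread or Nor's mail server. It assumes the overflowing buffer held the argument of a POP3 `USER` line; `handle_user`, `copy_bounded` and `USER_MAX` are hypothetical names. It also covers the case where `strncpy()` leaves the destination unterminated.

```c
#include <stdio.h>
#include <string.h>

#define USER_MAX 16   /* assumed size of the mailbox-name buffer, NUL included */

/* Bounded copy built on strncpy(). strncpy() leaves dst unterminated when
 * src holds dst_len or more characters, so terminate explicitly.
 * Returns 0 if src fit, -1 if it was truncated (or dst_len is 0). */
int copy_bounded(char *dst, size_t dst_len, const char *src)
{
    if (dst_len == 0)
        return -1;
    strncpy(dst, src, dst_len - 1);
    dst[dst_len - 1] = '\0';
    return strlen(src) < dst_len ? 0 : -1;
}

/* Hypothetical handler for a POP3 "USER <name>" line already read from the
 * socket. The unbounded form would have been strcpy(user, arg). */
int handle_user(const char *line, char *user, size_t user_len)
{
    char arg[512];   /* argument with the CRLF line ending removed */
    size_t n;

    if (strncmp(line, "USER ", 5) != 0)
        return -1;
    n = strcspn(line + 5, "\r\n");
    if (n == 0 || n >= sizeof arg)
        return -1;
    memcpy(arg, line + 5, n);
    arg[n] = '\0';
    return copy_bounded(user, user_len, arg);   /* -1: reject the command */
}

int main(void)
{
    char user[USER_MAX];
    /* Constructed sample lines, not captured traffic. */
    const char *ok = "USER alice\r\n";
    const char *too_long = "USER aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\r\n";

    printf("%d %s\n", handle_user(ok, user, sizeof user), user);
    printf("%d %s\n", handle_user(too_long, user, sizeof user), user);
    return 0;
}
```

Treating a truncated copy as an error, rather than continuing with the shortened name, keeps an over-long argument from silently mapping to a different mailbox.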

  5. #5
    ‡ †hë Ö†hÈr sîÐè ‡ Nor's Avatar
    Join Date
    Nov 2001
    Posts
    299
    Thx.
    strcpy() is what I was using and I replaced it. The exploit is fixed.
