Add htons (port), and only copy 4 bytes for the IP address to prevent a

2000-03-29  Miguel de Icaza  <miguel@gnu.org>

	* providers/pop3/camel-pop3-store.c (pop3_connect): Add htons
	(port), and only copy 4 bytes for the IP address to prevent a DNS
	attack.

svn path=/trunk/; revision=2251

2 files changed, 13 insertions, 2 deletions

diff --git a/camel/ChangeLog b/camel/ChangeLog
index f04c228db4..4cc6e9d281 100644
--- a/camel/ChangeLog
+++ b/camel/ChangeLog
@@ -1,3 +1,9 @@
+2000-03-29  Miguel de Icaza  <miguel@gnu.org>
+
+	* providers/pop3/camel-pop3-store.c (pop3_connect): Add htons
+	(port), and only copy 4 bytes for the IP address to prevent a DNS
+	attack. 
+
 2000-03-28  Dan Winship  <danw@helixcode.com>
 
 	* camel-seekable-substream.c
diff --git a/camel/providers/pop3/camel-pop3-store.c b/camel/providers/pop3/camel-pop3-store.c
index 543a6ce532..b41c27b0aa 100644
--- a/camel/providers/pop3/camel-pop3-store.c
+++ b/camel/providers/pop3/camel-pop3-store.c
@@ -233,8 +233,13 @@ pop3_connect (CamelService *service, CamelException *ex)
 	}
 
 	sin.sin_family = h->h_addrtype;
-	sin.sin_port = port;
-	memcpy (&sin.sin_addr, h->h_addr, sizeof (sin.sin_addr));
+	sin.sin_port = htons (port);
+
+	/*
+	 * We copy only 4 bytes, as we can not trust h->h_length, as it
+	 * comes from the DNS and might have been tampered with.
+	 */
+	memcpy (&sin.sin_addr, h->h_addr, 4);
 
 	fd = socket (h->h_addrtype, SOCK_STREAM, 0);
 	if (fd == -1 ||