TIP: Click on subject to list as thread! ANSI
echo: mbse
to: ANDREW LEARY
from: NIELS HAEDECKE
date: 2020-12-05 17:12:00
subject: Another fix regarding rea
Hi Andrew,

One of my users has found and reported to me another issue with regards to
reading / listing private messages. While the fix in commit [942e85] works for
local, private echos, it does not take into account the possibillity of two
users having the same name (e.g. "Tom Smith") but different AKAs. Since the 
fix
in [942e85] does not check the From / To addresses this may lead to the
possibility of a user"Tom Smith@1:2/3" reading and being able to list messages
for "Tom Smith@3:4/5".

I've already fixed the if (..) statments in mail.c (lines 1116, 1258 and 1909)
and will provide a proper pull request in the next few days. I just wanted to
inform you that there is still a security issue and that there is work being
done to fix it.

Kind regards,
Niels                                         

    Greetings, Niels Haedecke

--- MBSE BBS v1.0.7.20 (GNU/Linux-x86_64)
* Origin: Wintermute BBS - Duesseldorf, Germany (2:240/8002)
SOURCE: echomail via QWK@docsplace.org

Email questions or comments to sysop@ipingthereforeiam.com
All parts of this website painstakingly hand-crafted in the U.S.A.!
IPTIA BBS/MUD/Terminal/Game Server List, © 2025 IPTIA Consulting™.