> Hello,
>         I've lately found an overflow vulnerability in Elm (Elm is setgid
> mail on linux, and perhaps on some other platforms aswell). I've tested this
> bug on versions 2.3 and 2.4, on 3 different Linux installations.
> from Elm 2.3's curses.c:
> [...]
>         char termname[40];
>         char *strcpy(), *getenv();
>
>         if (getenv("TERM") == NULL) return(-1);
>
>         if (strcpy(termname, getenv("TERM")) == NULL)
>                 return(-1);
> [...]
> to patch, change the strcpy line to
>         if (strncpy(termname, getenv("TERM"), sizeof(termname)) == NULL)
>
To patch it on Elm 2.4, change:
[...]
        if (strcpy(termname, termenv) == NULL)
                return (-1);
to:
[...]
        if (strncpy(termname, termenv, sizeof(termname)) == NULL)
                return (-1);
 -Grych