aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorGregory Neil Shapiro <gshapiro@FreeBSD.org>2003-03-29 20:09:48 +0000
committerGregory Neil Shapiro <gshapiro@FreeBSD.org>2003-03-29 20:09:48 +0000
commit905ce239fd109edc5a56d9a054127816f0524565 (patch)
treed5b410fffecac8b6ed37727dd0a86b0a8ffa87cd
parent0ad9dc59e952205b7c218e1679a4827ec0915cfc (diff)
downloadsrc-905ce239fd109edc5a56d9a054127816f0524565.tar.gz
src-905ce239fd109edc5a56d9a054127816f0524565.zip
sendmail parsing buffer overflow fix
Approved by: so (nectar)
Notes
Notes: svn path=/stable/3/; revision=112817
-rw-r--r--contrib/sendmail/src/conf.c2
-rw-r--r--contrib/sendmail/src/parseaddr.c15
-rw-r--r--contrib/sendmail/src/version.c2
3 files changed, 16 insertions, 3 deletions
diff --git a/contrib/sendmail/src/conf.c b/contrib/sendmail/src/conf.c
index cc6c96870d59..4f849cb684dc 100644
--- a/contrib/sendmail/src/conf.c
+++ b/contrib/sendmail/src/conf.c
@@ -285,6 +285,8 @@ setdefaults(e)
DontLockReadFiles = TRUE;
DoubleBounceAddr = "postmaster";
MaxHeadersLength = MAXHDRSLEN;
+ MaxMimeHeaderLength = MAXLINE;
+ MaxMimeFieldLength = MaxMimeHeaderLength / 2;
snprintf(buf, sizeof buf, "%s%sdead.letter",
_PATH_VARTMP,
_PATH_VARTMP[sizeof _PATH_VARTMP - 2] == '/' ? "" : "/");
diff --git a/contrib/sendmail/src/parseaddr.c b/contrib/sendmail/src/parseaddr.c
index 5d82f75fb85e..83b0e44ddd89 100644
--- a/contrib/sendmail/src/parseaddr.c
+++ b/contrib/sendmail/src/parseaddr.c
@@ -402,7 +402,7 @@ u_char MimeTokenTab[256] =
};
-# define NOCHAR -1 /* signal nothing in lookahead token */
+# define NOCHAR (-1) /* signal nothing in lookahead token */
char **
prescan(addr, delim, pvpbuf, pvpbsize, delimptr, toktab)
@@ -485,6 +485,7 @@ prescan(addr, delim, pvpbuf, pvpbsize, delimptr, toktab)
/* see if there is room */
if (q >= &pvpbuf[pvpbsize - 5])
{
+ addrtoolong:
usrerr("553 Address too long");
if (strlen(addr) > (SIZE_T) MAXNAME)
addr[MAXNAME] = '\0';
@@ -496,11 +497,15 @@ prescan(addr, delim, pvpbuf, pvpbsize, delimptr, toktab)
}
/* squirrel it away */
+#if !ALLOW_255
+ if ((char) c == (char) -1 && !tTd(82, 101))
+ c &= 0x7f;
+#endif /* !ALLOW_255 */
*q++ = c;
}
/* read a new input character */
- c = *p++;
+ c = (*p++) & 0x00ff;
if (c == '\0')
{
/* diagnose and patch up bad syntax */
@@ -555,6 +560,9 @@ prescan(addr, delim, pvpbuf, pvpbsize, delimptr, toktab)
}
else if (c != '!' || state == QST)
{
+ /* see if there is room */
+ if (q >= &pvpbuf[pvpbsize - 5])
+ goto addrtoolong;
*q++ = '\\';
continue;
}
@@ -636,6 +644,9 @@ prescan(addr, delim, pvpbuf, pvpbsize, delimptr, toktab)
/* new token */
if (tok != q)
{
+ /* see if there is room */
+ if (q >= &pvpbuf[pvpbsize - 5])
+ goto addrtoolong;
*q++ = '\0';
if (tTd(22, 36))
{
diff --git a/contrib/sendmail/src/version.c b/contrib/sendmail/src/version.c
index 6f9d05e901fc..458cf5ac73bb 100644
--- a/contrib/sendmail/src/version.c
+++ b/contrib/sendmail/src/version.c
@@ -14,4 +14,4 @@
static char sccsid[] = "@(#)version.c 8.9.3.1 (Berkeley) 2/4/1999";
#endif /* not lint */
-char Version[] = "8.9.3";
+char Version[] = "8.9.3p2";