Long headers cause sendmail loop (5.59, 5.61) +FIX

Steve Campbell steve at eleazar.dartmouth.edu
Sat Feb 18 07:04:22 AEST 1989


Subject: Long headers cause sendmail loop (5.59, 5.61) +FIX
Index:	usr.lib/sendmail/src/util.c 4.3BSD

Description:
	Sendmail will loop in sfgets if you feed it a message with a
	header (often the To:) that exceeds sendmail's 2500 byte
	MAXFIELD limit.  The reason is that collect() calls sfgets()
	(at line 124 in collect.c) with a length argument that varies,
	and when the header exceeds 2500 bytes, that argument goes
	negative, causing a loop in sfgets.
Repeat-By:
	Feed sendmail a message with enough recipients to exceed 2500
	bytes.  This can happen when the original recipients' addresses
	are "user" but get rewritten to "user at domain".
Fix:
	The complete fix is to make collect() more intelligent about
	handling long headers.  Would someone like to step forward?
	A damage-control fix is to make sfgets check its length arg.
	Here are patches for 5.61.  

*** /tmp/,RCSt1013479	Wed Feb 15 14:44:23 1989
--- util.c	Wed Feb 15 13:05:00 1989
***************
*** 582,587 ****
--- 582,594 ----
  	register char *p;
  	extern readtimeout();
  
+ 	/* check for reasonable siz arg */
+ 	if (siz < 1)
+ 	{
+ 		buf[0] = '\0';
+ 		return (NULL);
+ 	}
+ 
  	/* set the timeout */
  	if (ReadTimeout != 0)
  	{
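Review bot: in the new `siz < 1` branch, `buf[0] = '\0'` stores a byte in exactly the case where the caller has said there is no room. The description says the length argument goes negative once the header passes MAXFIELD, so `buf` may already point at or past the end of the caller's array when this runs. I would drop the store and only `return (NULL);`, leaving the caller to terminate its own buffer. The comment could also say that a non-positive `siz` is a caller error, so the check is not mistaken for normal end-of-input handling.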

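The two fixes the report names, a size check in the reader and a caller that copes with an over-long header, as an added example that is neither sendmail's code nor part of the original post. `read_bounded`, `collect_field`, `sample` and the folded `To:` input are hypothetical, and the example assumes the caller appends continuation lines into a single MAXFIELD buffer.

```c
#include <stdio.h>
#include <string.h>
#define MAXFIELD 2500   /* header limit quoted in the report */

/* Hypothetical bounded reader: fgets() with siz == 1 stores only the NUL and
 * consumes nothing, so sizes below 2 are refused and buf is left untouched. */
static char *read_bounded(char *buf, long siz, FILE *fp)
{
    return (buf == NULL || siz < 2) ? NULL : fgets(buf, (int)siz, fp);
}

/* Hypothetical caller: gathers one header and its continuation lines into
 * field[MAXFIELD]. Returns 1 if truncated; every pass consumes input. */
static int collect_field(FILE *fp, char *field, size_t *used)
{
    char drain[128], *dst;
    int c, truncated = 0;
    *used = 0;
    field[0] = '\0';
    for (;;) {
        long room = (long)MAXFIELD - (long)*used;   /* signed on purpose */
        truncated = (room < 2);     /* field full: discard what follows */
        dst = truncated ? drain : field + *used;
        if (read_bounded(dst, truncated ? (long)sizeof drain : room, fp) == NULL)
            break;                  /* EOF or read error */
        if (!truncated)
            *used += strlen(dst);
        if (strchr(dst, '\n') == NULL)
            continue;               /* line not finished yet */
        if ((c = getc(fp)) != EOF)
            ungetc(c, fp);          /* peek at the next line */
        if (c != ' ' && c != '\t')
            break;                  /* next header starts here */
    }
    return truncated;
}

/* Constructed sample: To: with n folded recipients, then a Subject: line. */
static FILE *sample(int n)
{
    FILE *fp = tmpfile();
    if (fp == NULL) return NULL;
    fputs("To: postmaster@example.org", fp);
    while (n-- > 0)
        fprintf(fp, ",\n\tuser%04d@example.org", n);
    fputs("\nSubject: test\n", fp);
    rewind(fp);
    return fp;
}
```

With `sample(200)` the header is well over MAXFIELD; the excess goes to the scratch buffer and the stream is left at the `Subject:` line.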

