Bug in uumail v4 patchlevel 2, with fix.

Jay Schuster jay at banzai.UUCP
Tue Jan 24 02:20:42 AEST 1989


The Problem:

I get >From_ lines from my upstream site that sometimes look like this:

>From uunet!asuvax.asu.edu!stjhmc!stjhmc.fiduunet
>From uunet!bikini.cis.ufl.edu!novavax!proxfuunet
>From uunet!hpda!sun!portal!cup.portal.com!Duunet
>From uunet!pyramid!pyrtech.pyramid.com!sylvuunet
>From uunet!pyramid!pyrnova.pyramid.com!sylvuunet
>From uunet!mimsy!ames!mips!admin.mips.com!ruunet
            <- 32 characters              ->
>From dartvax!linus!harvard!cmcl2!cornell!batcdartvax
>From dartvax!linus!xait!harvard!uwvax!oliveb!dartvax
              <- 32 characters              ->

The Solution:

I've had this problem a while, but I finally got to poking around
and figuring out what was causing it.  Initially I thought it might
be sendmail, and gave it up as a lost cause.  Then I realized it
was probably uumail, and since we had the source here, I compiled
it and tested it.  Yup, I could recreate the problem and I found
the bug.

I've always suspected that it was due to overflowing some 32
character buffer.  I traced it to a bug in uumail patchlevel 2.

Inside Putfrom(), in uumail.c, parse() is called to break the
address up, and then build is called to put it back together.
Parse() will break the address up into a domain part and a user
part.  For a uucp path (host1!host2!host3!user), the domain part
becomes the first site (host1) and the user becomes the rest
(host2!host3!user).  Unfortunately, the user[] array in Putfrom()
is declared to be user[NAMESIZE] instead of user[PATHSIZE].  NAMESIZE
is 32, PATHSIZE is 16*NAMESIZE.  If the uucp path is longer than
32 characters, it gets stomped on.

Note that domain[] could probably be knocked down to NAMESIZ, but
I am not going to be the one to try it.

*** uumail.c~	Sat Jan 21 20:03:58 1989
--- uumail.c	Sat Jan 21 20:04:42 1989
***************
*** 719,725 ****
  	char	*tp, *zp,*c;
  	int	i,parts,fromflag=0;
  	char 	*partv[128];
! 	char buf[BUFSIZ], addr[PATHSIZ], domain[PATHSIZ], user[NAMESIZ];
  	int form;
  	extern build();
  	long iop, offset;
--- 719,725 ----
  	char	*tp, *zp,*c;
  	int	i,parts,fromflag=0;
  	char 	*partv[128];
! 	char buf[BUFSIZ], addr[PATHSIZ], domain[PATHSIZ], user[PATHSIZ];
  	int form;
  	extern build();
  	long iop, offset;
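
Review bot: the changed declaration (line 722) widens user[] to PATHSIZ, but buf[], addr[], domain[] and user[] are all still fixed-size, and nothing visible in this hunk checks the length of what is written into them, so a path longer than PATHSIZ would overrun user[] the same way the 32-character case did. Suggest that the code filling these buffers take the destination size and reject overlong input rather than relying on the array being big enough. The same applies to partv[128], which needs a bound on the number of parts stored in it.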

-- 
Jay Schuster			uunet!uvm-gen!banzai!jay, attmail!banzai!jay
The People's Computer Company	`Revolutionary Programming'
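
Added example, not part of the original post and not uumail's code: a bounded version of the split the post describes for Putfrom(), which rejects a bang path whose remainder does not fit in user[] instead of writing past it. split_bang_path() and the two wrapper functions are hypothetical names; NAMESIZ and PATHSIZ take the values given in the post.

```c
#include <stdio.h>
#include <string.h>

#define NAMESIZ 32              /* value given in the post */
#define PATHSIZ (16 * NAMESIZ)  /* value given in the post */

/* Hypothetical helper, not uumail's parse(): split "host1!host2!user"
 * into the first host and the remainder, refusing to write past either
 * destination. Returns 0 on success, -1 if a part does not fit. */
int split_bang_path(const char *addr,
                    char *domain, size_t domain_len,
                    char *user, size_t user_len)
{
    const char *bang = strchr(addr, '!');
    size_t host_len, rest_len;

    if (bang == NULL)
        return -1;                        /* not a bang path */
    host_len = (size_t)(bang - addr);
    rest_len = strlen(bang + 1);
    if (host_len >= domain_len || rest_len >= user_len)
        return -1;                        /* would overflow: reject it */
    memcpy(domain, addr, host_len);
    domain[host_len] = '\0';
    memcpy(user, bang + 1, rest_len + 1); /* copies the terminating NUL too */
    return 0;
}

int fits_in_namesiz(const char *addr)
{
    char domain[PATHSIZ], user[NAMESIZ];  /* sizes from the pre-patch line */
    return split_bang_path(addr, domain, sizeof domain, user, sizeof user);
}

int fits_in_pathsiz(const char *addr)
{
    char domain[PATHSIZ], user[PATHSIZ];  /* sizes from the patched line */
    return split_bang_path(addr, domain, sizeof domain, user, sizeof user);
}

int main(void)
{
    /* Constructed sample path; the part after "uunet!" exceeds 32 characters. */
    const char *addr = "uunet!hostaaaaaaaa!hostbbbbbbbb!hostcccccccc!user";
    printf("user[NAMESIZ]: %d\n", fits_in_namesiz(addr));
    printf("user[PATHSIZ]: %d\n", fits_in_pathsiz(addr));
    return 0;
}
```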


