Fix conflicts from sendmail 8.12.8 import

4 files changed, 192 insertions, 111 deletions

diff --git a/contrib/sendmail/mail.local/mail.local.c b/contrib/sendmail/mail.local/mail.local.c
index 55857b9..ed23134 100644
--- a/contrib/sendmail/mail.local/mail.local.c
+++ b/contrib/sendmail/mail.local/mail.local.c
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1998-2002 Sendmail, Inc. and its suppliers.
+ * Copyright (c) 1998-2003 Sendmail, Inc. and its suppliers.
  *	All rights reserved.
  * Copyright (c) 1990, 1993, 1994
  *	The Regents of the University of California.  All rights reserved.
@@ -20,7 +20,7 @@ SM_IDSTR(copyright,
      Copyright (c) 1990, 1993, 1994\n\
 	The Regents of the University of California.  All rights reserved.\n")
 
-SM_IDSTR(id, "@(#)$Id: mail.local.c,v 8.239.2.2 2002/09/24 02:09:09 ca Exp $")
+SM_IDSTR(id, "@(#)$Id: mail.local.c,v 8.239.2.4 2003/01/15 19:17:15 ca Exp $")
 
 #include <stdlib.h>
 #include <sm/errstring.h>
@@ -1051,7 +1051,12 @@ tryagain:
 			mbfd = -1;
 		}
 	}
-	else if (sb.st_nlink != 1 || !S_ISREG(sb.st_mode))
+	else if (sb.st_nlink != 1)
+	{
+		mailerr("550 5.2.0", "%s: too many links", path);
+		goto err0;
+	}
+	else if (!S_ISREG(sb.st_mode))
 	{
 		mailerr("550 5.2.0", "%s: irregular file", path);
 		goto err0;
diff --git a/contrib/sendmail/src/conf.c b/contrib/sendmail/src/conf.c
index 69e5c67..29e8a21 100644
--- a/contrib/sendmail/src/conf.c
+++ b/contrib/sendmail/src/conf.c
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1998-2002 Sendmail, Inc. and its suppliers.
+ * Copyright (c) 1998-2003 Sendmail, Inc. and its suppliers.
  *	All rights reserved.
  * Copyright (c) 1983, 1995-1997 Eric P. Allman.  All rights reserved.
  * Copyright (c) 1988, 1993
@@ -13,7 +13,7 @@
 
 #include <sendmail.h>
 
-SM_RCSID("@(#)$Id: conf.c,v 8.972.2.25 2002/12/12 21:19:29 ca Exp $")
+SM_RCSID("@(#)$Id: conf.c,v 8.972.2.27 2003/01/15 19:17:14 ca Exp $")
 
 #include <sendmail/pathnames.h>
 
diff --git a/contrib/sendmail/src/headers.c b/contrib/sendmail/src/headers.c
index 5d90344..d9966b1 100644
--- a/contrib/sendmail/src/headers.c
+++ b/contrib/sendmail/src/headers.c
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1998-2001 Sendmail, Inc. and its suppliers.
+ * Copyright (c) 1998-2003 Sendmail, Inc. and its suppliers.
  *	All rights reserved.
  * Copyright (c) 1983, 1995-1997 Eric P. Allman.  All rights reserved.
  * Copyright (c) 1988, 1993
@@ -13,9 +13,9 @@
 
 #include <sendmail.h>
 
-SM_RCSID("@(#)$Id: headers.c,v 8.266.4.2 2002/09/23 23:42:02 ca Exp $")
+SM_RCSID("@(#)$Id: headers.c,v 8.266.4.4 2003/01/18 00:41:48 gshapiro Exp $")
 
-static size_t	fix_mime_header __P((char *));
+static size_t	fix_mime_header __P((HDR *, ENVELOPE *));
 static int	priencode __P((char *));
 static void	put_vanilla_header __P((HDR *, char *, MCI *));
 
@@ -676,8 +676,8 @@ eatheader(e, full, log)
 			if (buf[0] != '\0')
 			{
 				if (bitset(H_FROM, h->h_flags))
-					expand(crackaddr(buf), buf, sizeof buf,
-					       e);
+					expand(crackaddr(buf, e),
+					       buf, sizeof buf, e);
 				h->h_value = sm_rpool_strdup_x(e->e_rpool, buf);
 				h->h_flags &= ~H_DEFAULT;
 			}
@@ -998,7 +998,11 @@ priencode(p)
 **	it and replaces it with "$g".  The parse is totally ad hoc
 **	and isn't even guaranteed to leave something syntactically
 **	identical to what it started with.  However, it does leave
-**	something semantically identical.
+**	something semantically identical if possible, else at least
+**	syntactically correct.
+**
+**	For example, it changes "Real Name <real@example.com> (Comment)"
+**	to "Real Name <$g> (Comment)".
 **
 **	This algorithm has been cleaned up to handle a wider range
 **	of cases -- notably quoted and backslash escaped strings.
@@ -1007,6 +1011,7 @@ priencode(p)
 **
 **	Parameters:
 **		addr -- the address to be cracked.
+**		e -- the current envelope.
 **
 **	Returns:
 **		a pointer to the new version.
@@ -1019,28 +1024,50 @@ priencode(p)
 **		be copied if it is to be reused.
 */
 
+#define SM_HAVE_ROOM		((bp < buflim) && (buflim <= bufend))
+
+/*
+**  Append a character to bp if we have room.
+**  If not, punt and return $g.
+*/
+
+#define SM_APPEND_CHAR(c)					\
+	do							\
+	{							\
+		if (SM_HAVE_ROOM)				\
+			*bp++ = (c);				\
+		else						\
+			goto returng;				\
+	} while (0)
+
+#if MAXNAME < 10
+ERROR MAXNAME must be at least 10
+#endif /* MAXNAME < 10 */
+
 char *
-crackaddr(addr)
+crackaddr(addr, e)
 	register char *addr;
+	ENVELOPE *e;
 {
 	register char *p;
 	register char c;
-	int cmtlev;
-	int realcmtlev;
-	int anglelev, realanglelev;
-	int copylev;
-	int bracklev;
-	bool qmode;
-	bool realqmode;
-	bool skipping;
-	bool putgmac = false;
-	bool quoteit = false;
-	bool gotangle = false;
-	bool gotcolon = false;
+	int cmtlev;			/* comment level in input string */
+	int realcmtlev;			/* comment level in output string */
+	int anglelev;			/* angle level in input string */
+	int copylev;			/* 0 == in address, >0 copying */
+	int bracklev;			/* bracket level for IPv6 addr check */
+	bool addangle;			/* put closing angle in output */
+	bool qmode;			/* quoting in original string? */
+	bool realqmode;			/* quoting in output string? */
+	bool putgmac = false;		/* already wrote $g */
+	bool quoteit = false;		/* need to quote next character */
+	bool gotangle = false;		/* found first '<' */
+	bool gotcolon = false;		/* found a ':' */
 	register char *bp;
 	char *buflim;
 	char *bufhead;
 	char *addrhead;
+	char *bufend;
 	static char buf[MAXNAME + 1];
 
 	if (tTd(33, 1))
@@ -1055,25 +1082,22 @@ crackaddr(addr)
 	**  adjusted later if we find them.
 	*/
 
+	buflim = bufend = &buf[sizeof(buf) - 1];
 	bp = bufhead = buf;
-	buflim = &buf[sizeof buf - 7];
 	p = addrhead = addr;
-	copylev = anglelev = realanglelev = cmtlev = realcmtlev = 0;
+	copylev = anglelev = cmtlev = realcmtlev = 0;
 	bracklev = 0;
-	qmode = realqmode = false;
+	qmode = realqmode = addangle = false;
 
 	while ((c = *p++) != '\0')
 	{
 		/*
-		**  If the buffer is overful, go into a special "skipping"
-		**  mode that tries to keep legal syntax but doesn't actually
-		**  output things.
+		**  Try to keep legal syntax using spare buffer space
+		**  (maintained by buflim).
 		*/
 
-		skipping = bp >= buflim;
-
-		if (copylev > 0 && !skipping)
-			*bp++ = c;
+		if (copylev > 0)
+			SM_APPEND_CHAR(c);
 
 		/* check for backslash escapes */
 		if (c == '\\')
@@ -1088,8 +1112,8 @@ crackaddr(addr)
 				p--;
 				goto putg;
 			}
-			if (copylev > 0 && !skipping)
-				*bp++ = c;
+			if (copylev > 0)
+				SM_APPEND_CHAR(c);
 			goto putg;
 		}
 
@@ -1097,8 +1121,14 @@ crackaddr(addr)
 		if (c == '"' && cmtlev <= 0)
 		{
 			qmode = !qmode;
-			if (copylev > 0 && !skipping)
+			if (copylev > 0 && SM_HAVE_ROOM)
+			{
+				if (realqmode)
+					buflim--;
+				else
+					buflim++;
 				realqmode = !realqmode;
+			}
 			continue;
 		}
 		if (qmode)
@@ -1110,15 +1140,15 @@ crackaddr(addr)
 			cmtlev++;
 
 			/* allow space for closing paren */
-			if (!skipping)
+			if (SM_HAVE_ROOM)
 			{
 				buflim--;
 				realcmtlev++;
 				if (copylev++ <= 0)
 				{
 					if (bp != bufhead)
-						*bp++ = ' ';
-					*bp++ = c;
+						SM_APPEND_CHAR(' ');
+					SM_APPEND_CHAR(c);
 				}
 			}
 		}
@@ -1128,7 +1158,7 @@ crackaddr(addr)
 			{
 				cmtlev--;
 				copylev--;
-				if (!skipping)
+				if (SM_HAVE_ROOM)
 				{
 					realcmtlev--;
 					buflim++;
@@ -1139,7 +1169,7 @@ crackaddr(addr)
 		else if (c == ')')
 		{
 			/* syntax error: unmatched ) */
-			if (copylev > 0 && !skipping)
+			if (copylev > 0 && SM_HAVE_ROOM)
 				bp--;
 		}
 
@@ -1157,7 +1187,7 @@ crackaddr(addr)
 
 			/*
 			**  Check for DECnet phase IV ``::'' (host::user)
-			**  or **  DECnet phase V ``:.'' syntaxes.  The latter
+			**  or DECnet phase V ``:.'' syntaxes.  The latter
 			**  covers ``user@DEC:.tay.myhost'' and
 			**  ``DEC:.tay.myhost::user'' syntaxes (bletch).
 			*/
@@ -1166,10 +1196,10 @@ crackaddr(addr)
 			{
 				if (cmtlev <= 0 && !qmode)
 					quoteit = true;
-				if (copylev > 0 && !skipping)
+				if (copylev > 0)
 				{
-					*bp++ = c;
-					*bp++ = *p;
+					SM_APPEND_CHAR(c);
+					SM_APPEND_CHAR(*p);
 				}
 				p++;
 				goto putg;
@@ -1180,41 +1210,43 @@ crackaddr(addr)
 			bp = bufhead;
 			if (quoteit)
 			{
-				*bp++ = '"';
+				SM_APPEND_CHAR('"');
 
 				/* back up over the ':' and any spaces */
 				--p;
-				while (isascii(*--p) && isspace(*p))
+				while (p > addr &&
+				       isascii(*--p) && isspace(*p))
 					continue;
 				p++;
 			}
 			for (q = addrhead; q < p; )
 			{
 				c = *q++;
-				if (bp < buflim)
+				if (quoteit && c == '"')
 				{
-					if (quoteit && c == '"')
-						*bp++ = '\\';
-					*bp++ = c;
+					SM_APPEND_CHAR('\\');
+					SM_APPEND_CHAR(c);
 				}
+				else
+					SM_APPEND_CHAR(c);
 			}
 			if (quoteit)
 			{
 				if (bp == &bufhead[1])
 					bp--;
 				else
-					*bp++ = '"';
+					SM_APPEND_CHAR('"');
 				while ((c = *p++) != ':')
-				{
-					if (bp < buflim)
-						*bp++ = c;
-				}
-				*bp++ = c;
+					SM_APPEND_CHAR(c);
+				SM_APPEND_CHAR(c);
 			}
 
 			/* any trailing white space is part of group: */
-			while (isascii(*p) && isspace(*p) && bp < buflim)
-				*bp++ = *p++;
+			while (isascii(*p) && isspace(*p))
+			{
+				SM_APPEND_CHAR(*p);
+				p++;
+			}
 			copylev = 0;
 			putgmac = quoteit = false;
 			bufhead = bp;
@@ -1223,10 +1255,7 @@ crackaddr(addr)
 		}
 
 		if (c == ';' && copylev <= 0 && !ColonOkInAddr)
-		{
-			if (bp < buflim)
-				*bp++ = c;
-		}
+			SM_APPEND_CHAR(c);
 
 		/* check for characters that may have to be quoted */
 		if (strchr(MustQuoteChars, c) != NULL)
@@ -1254,42 +1283,45 @@ crackaddr(addr)
 
 			/* oops -- have to change our mind */
 			anglelev = 1;
-			if (!skipping)
-				realanglelev = 1;
+			if (SM_HAVE_ROOM)
+			{
+				if (!addangle)
+					buflim--;
+				addangle = true;
+			}
 
 			bp = bufhead;
 			if (quoteit)
 			{
-				*bp++ = '"';
+				SM_APPEND_CHAR('"');
 
 				/* back up over the '<' and any spaces */
 				--p;
-				while (isascii(*--p) && isspace(*p))
+				while (p > addr &&
+				       isascii(*--p) && isspace(*p))
 					continue;
 				p++;
 			}
 			for (q = addrhead; q < p; )
 			{
 				c = *q++;
-				if (bp < buflim)
+				if (quoteit && c == '"')
 				{
-					if (quoteit && c == '"')
-						*bp++ = '\\';
-					*bp++ = c;
+					SM_APPEND_CHAR('\\');
+					SM_APPEND_CHAR(c);
 				}
+				else
+					SM_APPEND_CHAR(c);
 			}
 			if (quoteit)
 			{
 				if (bp == &buf[1])
 					bp--;
 				else
-					*bp++ = '"';
+					SM_APPEND_CHAR('"');
 				while ((c = *p++) != '<')
-				{
-					if (bp < buflim)
-						*bp++ = c;
-				}
-				*bp++ = c;
+					SM_APPEND_CHAR(c);
+				SM_APPEND_CHAR(c);
 			}
 			copylev = 0;
 			putgmac = quoteit = false;
@@ -1301,13 +1333,14 @@ crackaddr(addr)
 			if (anglelev > 0)
 			{
 				anglelev--;
-				if (!skipping)
+				if (SM_HAVE_ROOM)
 				{
-					realanglelev--;
-					buflim++;
+					if (addangle)
+						buflim++;
+					addangle = false;
 				}
 			}
-			else if (!skipping)
+			else if (SM_HAVE_ROOM)
 			{
 				/* syntax error: unmatched > */
 				if (copylev > 0)
@@ -1316,7 +1349,7 @@ crackaddr(addr)
 				continue;
 			}
 			if (copylev++ <= 0)
-				*bp++ = c;
+				SM_APPEND_CHAR(c);
 			continue;
 		}
 
@@ -1324,30 +1357,42 @@ crackaddr(addr)
 	putg:
 		if (copylev <= 0 && !putgmac)
 		{
-			if (bp > bufhead && bp[-1] == ')')
-				*bp++ = ' ';
-			*bp++ = MACROEXPAND;
-			*bp++ = 'g';
+			if (bp > buf && bp[-1] == ')')
+				SM_APPEND_CHAR(' ');
+			SM_APPEND_CHAR(MACROEXPAND);
+			SM_APPEND_CHAR('g');
 			putgmac = true;
 		}
 	}
 
 	/* repair any syntactic damage */
-	if (realqmode)
+	if (realqmode && bp < bufend)
 		*bp++ = '"';
-	while (realcmtlev-- > 0)
+	while (realcmtlev-- > 0 && bp < bufend)
 		*bp++ = ')';
-	while (realanglelev-- > 0)
+	if (addangle && bp < bufend)
 		*bp++ = '>';
-	*bp++ = '\0';
-
+	*bp = '\0';
+	if (bp < bufend)
+		goto success;
+
+ returng:
+	/* String too long, punt */
+	buf[0] = '<';
+	buf[1] = MACROEXPAND;
+	buf[2]= 'g';
+	buf[3] = '>';
+	buf[4]= '\0';
+	sm_syslog(LOG_ALERT, e->e_id,
+		  "Dropped invalid comments from header address");
+
+ success:
 	if (tTd(33, 1))
 	{
 		sm_dprintf("crackaddr=>`");
 		xputs(buf);
 		sm_dprintf("'\n");
 	}
-
 	return buf;
 }
 /*
@@ -1412,7 +1457,7 @@ putheader(mci, hdr, e, flags)
 		{
 			size_t len;
 
-			len = fix_mime_header(h->h_value);
+			len = fix_mime_header(h, e);
 			if (len > 0)
 			{
 				sm_syslog(LOG_ALERT, e->e_id,
@@ -1455,13 +1500,28 @@ putheader(mci, hdr, e, flags)
 			if (shorten_rfc822_string(h->h_value,
 						  MaxMimeHeaderLength))
 			{
-				sm_syslog(LOG_ALERT, e->e_id,
-					  "Truncated long MIME %s header (length = %ld) (possible attack)",
-					  h->h_field, (unsigned long) len);
-				if (tTd(34, 11))
-					sm_dprintf("  truncated long MIME %s header (length = %ld) (possible attack)\n",
-						   h->h_field,
-						   (unsigned long) len);
+				if (len < MaxMimeHeaderLength)
+				{
+					/* we only rebalanced a bogus header */
+					sm_syslog(LOG_ALERT, e->e_id,
+						  "Fixed MIME %s header (possible attack)",
+						  h->h_field);
+					if (tTd(34, 11))
+						sm_dprintf("  fixed MIME %s header (possible attack)\n",
+							   h->h_field);
+				}
+				else
+				{
+					/* we actually shortened header */
+					sm_syslog(LOG_ALERT, e->e_id,
+						  "Truncated long MIME %s header (length = %ld) (possible attack)",
+						  h->h_field,
+						  (unsigned long) len);
+					if (tTd(34, 11))
+						sm_dprintf("  truncated long MIME %s header (length = %ld) (possible attack)\n",
+							   h->h_field,
+							   (unsigned long) len);
+				}
 			}
 		}
 
@@ -1856,7 +1916,8 @@ copyheader(header, rpool)
 **	to MaxMimeFieldLength.
 **
 **	Parameters:
-**		string -- the full header
+**		h -- the header to truncate/rebalance
+**		e -- the current envelope
 **
 **	Returns:
 **		length of last offending field, 0 if all ok.
@@ -1866,15 +1927,16 @@ copyheader(header, rpool)
 */
 
 static size_t
-fix_mime_header(string)
-	char *string;
+fix_mime_header(h, e)
+	HDR *h;
+	ENVELOPE *e;
 {
-	char *begin = string;
+	char *begin = h->h_value;
 	char *end;
 	size_t len = 0;
 	size_t retlen = 0;
 
-	if (string == NULL || *string == '\0')
+	if (begin == NULL || *begin == '\0')
 		return 0;
 
 	/* Split on each ';' */
@@ -1889,7 +1951,23 @@ fix_mime_header(string)
 
 		/* Shorten individual parameter */
 		if (shorten_rfc822_string(begin, MaxMimeFieldLength))
-			retlen = len;
+		{
+			if (len < MaxMimeFieldLength)
+			{
+				/* we only rebalanced a bogus field */
+				sm_syslog(LOG_ALERT, e->e_id,
+					  "Fixed MIME %s header field (possible attack)",
+					  h->h_field);
+				if (tTd(34, 11))
+					sm_dprintf("  fixed MIME %s header field (possible attack)\n",
+						   h->h_field);
+			}
+			else
+			{
+				/* we actually shortened the header */
+				retlen = len;
+			}
+		}
 
 		/* Collapse the possibly shortened string with rest */
 		bp = begin + strlen(begin);
diff --git a/contrib/sendmail/src/mci.c b/contrib/sendmail/src/mci.c
index 5172333..033387b 100644
--- a/contrib/sendmail/src/mci.c
+++ b/contrib/sendmail/src/mci.c
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1998-2002 Sendmail, Inc. and its suppliers.
+ * Copyright (c) 1998-2003 Sendmail, Inc. and its suppliers.
  *	All rights reserved.
  * Copyright (c) 1995-1997 Eric P. Allman.  All rights reserved.
  * Copyright (c) 1988, 1993
@@ -13,7 +13,7 @@
 
 #include <sendmail.h>
 
-SM_RCSID("@(#)$Id: mci.c,v 8.205.2.2 2002/11/26 19:15:19 gshapiro Exp $")
+SM_RCSID("@(#)$Id: mci.c,v 8.205.2.3 2003/01/07 03:56:19 ca Exp $")
 
 #if NETINET || NETINET6
 # include <arpa/inet.h>
@@ -1244,10 +1244,8 @@ mci_print_persistent(pathname, hostname)
 			     locked ? '*' : ' ', hostname,
 			     pintvl(curtime() - mcib.mci_lastuse, true));
 	if (mcib.mci_rstatus != NULL)
-	{
 		(void) sm_io_fprintf(smioout, SM_TIME_DEFAULT, "%.*s\n", width,
 				     mcib.mci_rstatus);
-	}
 	else if (mcib.mci_exitstat == EX_TEMPFAIL && mcib.mci_errno != 0)
 		(void) sm_io_fprintf(smioout, SM_TIME_DEFAULT,
 				     "Deferred: %.*s\n", width - 10,