diff options
Diffstat (limited to 'contrib/sendmail/src/headers.c')
-rw-r--r-- | contrib/sendmail/src/headers.c | 125 |
1 files changed, 122 insertions, 3 deletions
diff --git a/contrib/sendmail/src/headers.c b/contrib/sendmail/src/headers.c index a04f59e..fcf1d9c 100644 --- a/contrib/sendmail/src/headers.c +++ b/contrib/sendmail/src/headers.c @@ -11,7 +11,7 @@ */ #ifndef lint -static char sccsid[] = "@(#)headers.c 8.127 (Berkeley) 6/4/98"; +static char sccsid[] = "@(#)headers.c 8.134 (Berkeley) 11/29/1998"; #endif /* not lint */ # include <errno.h> @@ -521,8 +521,8 @@ eatheader(e, full) #if 0 /* - ** Change functionality so a fatal error on an - ** address doesn't affect the entire envelope. + ** Change functionality so a fatal error on an + ** address doesn't affect the entire envelope. */ /* delete fatal errors generated by this address */ @@ -1198,6 +1198,59 @@ putheader(mci, hdr, e) xputs(p); } +#if _FFR_MAX_MIME_HEADER_LENGTH + /* heuristic shortening of MIME fields to avoid MUA overflows */ + if (MaxMimeFieldLength > 0 && + wordinclass(h->h_field, + macid("{checkMIMEFieldHeaders}", NULL))) + { + extern bool fix_mime_header __P((char *)); + + if (fix_mime_header(h->h_value)) + { + sm_syslog(LOG_ALERT, e->e_id, + "Truncated MIME %s header due to field size (possible attack)", + h->h_field); + if (tTd(34, 11)) + printf(" truncated MIME %s header due to field size (possible attack)\n", + h->h_field); + } + } + + if (MaxMimeHeaderLength > 0 && + wordinclass(h->h_field, + macid("{checkMIMETextHeaders}", NULL))) + { + if (strlen(h->h_value) > MaxMimeHeaderLength) + { + h->h_value[MaxMimeHeaderLength - 1] = '\0'; + sm_syslog(LOG_ALERT, e->e_id, + "Truncated long MIME %s header (possible attack)", + h->h_field); + if (tTd(34, 11)) + printf(" truncated long MIME %s header (possible attack)\n", + h->h_field); + } + } + + if (MaxMimeHeaderLength > 0 && + wordinclass(h->h_field, + macid("{checkMIMEHeaders}", NULL))) + { + extern bool shorten_rfc822_string __P((char *, int)); + + if (shorten_rfc822_string(h->h_value, MaxMimeHeaderLength)) + { + sm_syslog(LOG_ALERT, e->e_id, + "Truncated long MIME %s header (possible attack)", + h->h_field); + if (tTd(34, 11)) + printf(" truncated long MIME %s header (possible attack)\n", + h->h_field); + } + } +#endif + /* suppress Content-Transfer-Encoding: if we are MIMEing */ if (bitset(H_CTE, h->h_flags) && bitset(MCIF_CVT8TO7|MCIF_CVT7TO8|MCIF_INMIME, mci->mci_flags)) @@ -1568,3 +1621,69 @@ copyheader(header) return ret; } +/* +** FIX_MIME_HEADER -- possibly truncate/rebalance parameters in a MIME header +** +** Run through all of the parameters of a MIME header and +** possibly truncate and rebalance the parameter according +** to MaxMimeFieldLength. +** +** Parameters: +** string -- the full header +** +** Returns: +** TRUE if the header was modified, FALSE otherwise +** +** Side Effects: +** string modified in place +*/ + +bool +fix_mime_header(string) + char *string; +{ + bool modified = FALSE; + char *begin = string; + char *end; + extern char *find_character __P((char *, char)); + extern bool shorten_rfc822_string __P((char *, int)); + + if (string == NULL || *string == '\0') + return FALSE; + + /* Split on each ';' */ + while ((end = find_character(begin, ';')) != NULL) + { + char save = *end; + char *bp; + + *end = '\0'; + + /* Shorten individual parameter */ + if (shorten_rfc822_string(begin, MaxMimeFieldLength)) + modified = TRUE; + + /* Collapse the possibly shortened string with rest */ + bp = begin + strlen(begin); + if (bp != end) + { + char *ep = end; + + *end = save; + end = bp; + + /* copy character by character due to overlap */ + while (*ep != '\0') + *bp++ = *ep++; + *bp = '\0'; + } + else + *end = save; + if (*end == '\0') + break; + + /* Move past ';' */ + begin = end + 1; + } + return modified; +} |