summaryrefslogtreecommitdiffstats
path: root/contrib/sendmail/src/headers.c
diff options
context:
space:
mode:
Diffstat (limited to 'contrib/sendmail/src/headers.c')
-rw-r--r--contrib/sendmail/src/headers.c125
1 files changed, 122 insertions, 3 deletions
diff --git a/contrib/sendmail/src/headers.c b/contrib/sendmail/src/headers.c
index a04f59e..fcf1d9c 100644
--- a/contrib/sendmail/src/headers.c
+++ b/contrib/sendmail/src/headers.c
@@ -11,7 +11,7 @@
*/
#ifndef lint
-static char sccsid[] = "@(#)headers.c 8.127 (Berkeley) 6/4/98";
+static char sccsid[] = "@(#)headers.c 8.134 (Berkeley) 11/29/1998";
#endif /* not lint */
# include <errno.h>
@@ -521,8 +521,8 @@ eatheader(e, full)
#if 0
/*
- ** Change functionality so a fatal error on an
- ** address doesn't affect the entire envelope.
+ ** Change functionality so a fatal error on an
+ ** address doesn't affect the entire envelope.
*/
/* delete fatal errors generated by this address */
@@ -1198,6 +1198,59 @@ putheader(mci, hdr, e)
xputs(p);
}
+#if _FFR_MAX_MIME_HEADER_LENGTH
+ /* heuristic shortening of MIME fields to avoid MUA overflows */
+ if (MaxMimeFieldLength > 0 &&
+ wordinclass(h->h_field,
+ macid("{checkMIMEFieldHeaders}", NULL)))
+ {
+ extern bool fix_mime_header __P((char *));
+
+ if (fix_mime_header(h->h_value))
+ {
+ sm_syslog(LOG_ALERT, e->e_id,
+ "Truncated MIME %s header due to field size (possible attack)",
+ h->h_field);
+ if (tTd(34, 11))
+ printf(" truncated MIME %s header due to field size (possible attack)\n",
+ h->h_field);
+ }
+ }
+
+ if (MaxMimeHeaderLength > 0 &&
+ wordinclass(h->h_field,
+ macid("{checkMIMETextHeaders}", NULL)))
+ {
+ if (strlen(h->h_value) > MaxMimeHeaderLength)
+ {
+ h->h_value[MaxMimeHeaderLength - 1] = '\0';
+ sm_syslog(LOG_ALERT, e->e_id,
+ "Truncated long MIME %s header (possible attack)",
+ h->h_field);
+ if (tTd(34, 11))
+ printf(" truncated long MIME %s header (possible attack)\n",
+ h->h_field);
+ }
+ }
+
+ if (MaxMimeHeaderLength > 0 &&
+ wordinclass(h->h_field,
+ macid("{checkMIMEHeaders}", NULL)))
+ {
+ extern bool shorten_rfc822_string __P((char *, int));
+
+ if (shorten_rfc822_string(h->h_value, MaxMimeHeaderLength))
+ {
+ sm_syslog(LOG_ALERT, e->e_id,
+ "Truncated long MIME %s header (possible attack)",
+ h->h_field);
+ if (tTd(34, 11))
+ printf(" truncated long MIME %s header (possible attack)\n",
+ h->h_field);
+ }
+ }
+#endif
+
/* suppress Content-Transfer-Encoding: if we are MIMEing */
if (bitset(H_CTE, h->h_flags) &&
bitset(MCIF_CVT8TO7|MCIF_CVT7TO8|MCIF_INMIME, mci->mci_flags))
@@ -1568,3 +1621,69 @@ copyheader(header)
return ret;
}
+ /*
+** FIX_MIME_HEADER -- possibly truncate/rebalance parameters in a MIME header
+**
+** Run through all of the parameters of a MIME header and
+** possibly truncate and rebalance the parameter according
+** to MaxMimeFieldLength.
+**
+** Parameters:
+** string -- the full header
+**
+** Returns:
+** TRUE if the header was modified, FALSE otherwise
+**
+** Side Effects:
+** string modified in place
+*/
+
+bool
+fix_mime_header(string)
+ char *string;
+{
+ bool modified = FALSE;
+ char *begin = string;
+ char *end;
+ extern char *find_character __P((char *, char));
+ extern bool shorten_rfc822_string __P((char *, int));
+
+ if (string == NULL || *string == '\0')
+ return FALSE;
+
+ /* Split on each ';' */
+ while ((end = find_character(begin, ';')) != NULL)
+ {
+ char save = *end;
+ char *bp;
+
+ *end = '\0';
+
+ /* Shorten individual parameter */
+ if (shorten_rfc822_string(begin, MaxMimeFieldLength))
+ modified = TRUE;
+
+ /* Collapse the possibly shortened string with rest */
+ bp = begin + strlen(begin);
+ if (bp != end)
+ {
+ char *ep = end;
+
+ *end = save;
+ end = bp;
+
+ /* copy character by character due to overlap */
+ while (*ep != '\0')
+ *bp++ = *ep++;
+ *bp = '\0';
+ }
+ else
+ *end = save;
+ if (*end == '\0')
+ break;
+
+ /* Move past ';' */
+ begin = end + 1;
+ }
+ return modified;
+}
OpenPOWER on IntegriCloud