diff options
Diffstat (limited to 'contrib/sendmail/src')
| -rw-r--r-- | contrib/sendmail/src/conf.c | 4 | ||||
| -rw-r--r-- | contrib/sendmail/src/headers.c | 282 | ||||
| -rw-r--r-- | contrib/sendmail/src/mci.c | 6 | ||||
| -rw-r--r-- | contrib/sendmail/src/sendmail.8 | 9 |
4 files changed, 113 insertions, 188 deletions
diff --git a/contrib/sendmail/src/conf.c b/contrib/sendmail/src/conf.c index 29e8a21..69e5c67 100644 --- a/contrib/sendmail/src/conf.c +++ b/contrib/sendmail/src/conf.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 1998-2003 Sendmail, Inc. and its suppliers. + * Copyright (c) 1998-2002 Sendmail, Inc. and its suppliers. * All rights reserved. * Copyright (c) 1983, 1995-1997 Eric P. Allman. All rights reserved. * Copyright (c) 1988, 1993 @@ -13,7 +13,7 @@ #include <sendmail.h> -SM_RCSID("@(#)$Id: conf.c,v 8.972.2.27 2003/01/15 19:17:14 ca Exp $") +SM_RCSID("@(#)$Id: conf.c,v 8.972.2.25 2002/12/12 21:19:29 ca Exp $") #include <sendmail/pathnames.h> diff --git a/contrib/sendmail/src/headers.c b/contrib/sendmail/src/headers.c index d9966b1..5d90344 100644 --- a/contrib/sendmail/src/headers.c +++ b/contrib/sendmail/src/headers.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 1998-2003 Sendmail, Inc. and its suppliers. + * Copyright (c) 1998-2001 Sendmail, Inc. and its suppliers. * All rights reserved. * Copyright (c) 1983, 1995-1997 Eric P. Allman. All rights reserved. * Copyright (c) 1988, 1993 @@ -13,9 +13,9 @@ #include <sendmail.h> -SM_RCSID("@(#)$Id: headers.c,v 8.266.4.4 2003/01/18 00:41:48 gshapiro Exp $") +SM_RCSID("@(#)$Id: headers.c,v 8.266.4.2 2002/09/23 23:42:02 ca Exp $") -static size_t fix_mime_header __P((HDR *, ENVELOPE *)); +static size_t fix_mime_header __P((char *)); static int priencode __P((char *)); static void put_vanilla_header __P((HDR *, char *, MCI *)); @@ -676,8 +676,8 @@ eatheader(e, full, log) if (buf[0] != '\0') { if (bitset(H_FROM, h->h_flags)) - expand(crackaddr(buf, e), - buf, sizeof buf, e); + expand(crackaddr(buf), buf, sizeof buf, + e); h->h_value = sm_rpool_strdup_x(e->e_rpool, buf); h->h_flags &= ~H_DEFAULT; } @@ -998,11 +998,7 @@ priencode(p) ** it and replaces it with "$g". The parse is totally ad hoc ** and isn't even guaranteed to leave something syntactically ** identical to what it started with. However, it does leave -** something semantically identical if possible, else at least -** syntactically correct. -** -** For example, it changes "Real Name <real@example.com> (Comment)" -** to "Real Name <$g> (Comment)". +** something semantically identical. ** ** This algorithm has been cleaned up to handle a wider range ** of cases -- notably quoted and backslash escaped strings. @@ -1011,7 +1007,6 @@ priencode(p) ** ** Parameters: ** addr -- the address to be cracked. -** e -- the current envelope. ** ** Returns: ** a pointer to the new version. @@ -1024,50 +1019,28 @@ priencode(p) ** be copied if it is to be reused. */ -#define SM_HAVE_ROOM ((bp < buflim) && (buflim <= bufend)) - -/* -** Append a character to bp if we have room. -** If not, punt and return $g. -*/ - -#define SM_APPEND_CHAR(c) \ - do \ - { \ - if (SM_HAVE_ROOM) \ - *bp++ = (c); \ - else \ - goto returng; \ - } while (0) - -#if MAXNAME < 10 -ERROR MAXNAME must be at least 10 -#endif /* MAXNAME < 10 */ - char * -crackaddr(addr, e) +crackaddr(addr) register char *addr; - ENVELOPE *e; { register char *p; register char c; - int cmtlev; /* comment level in input string */ - int realcmtlev; /* comment level in output string */ - int anglelev; /* angle level in input string */ - int copylev; /* 0 == in address, >0 copying */ - int bracklev; /* bracket level for IPv6 addr check */ - bool addangle; /* put closing angle in output */ - bool qmode; /* quoting in original string? */ - bool realqmode; /* quoting in output string? */ - bool putgmac = false; /* already wrote $g */ - bool quoteit = false; /* need to quote next character */ - bool gotangle = false; /* found first '<' */ - bool gotcolon = false; /* found a ':' */ + int cmtlev; + int realcmtlev; + int anglelev, realanglelev; + int copylev; + int bracklev; + bool qmode; + bool realqmode; + bool skipping; + bool putgmac = false; + bool quoteit = false; + bool gotangle = false; + bool gotcolon = false; register char *bp; char *buflim; char *bufhead; char *addrhead; - char *bufend; static char buf[MAXNAME + 1]; if (tTd(33, 1)) @@ -1082,22 +1055,25 @@ crackaddr(addr, e) ** adjusted later if we find them. */ - buflim = bufend = &buf[sizeof(buf) - 1]; bp = bufhead = buf; + buflim = &buf[sizeof buf - 7]; p = addrhead = addr; - copylev = anglelev = cmtlev = realcmtlev = 0; + copylev = anglelev = realanglelev = cmtlev = realcmtlev = 0; bracklev = 0; - qmode = realqmode = addangle = false; + qmode = realqmode = false; while ((c = *p++) != '\0') { /* - ** Try to keep legal syntax using spare buffer space - ** (maintained by buflim). + ** If the buffer is overful, go into a special "skipping" + ** mode that tries to keep legal syntax but doesn't actually + ** output things. */ - if (copylev > 0) - SM_APPEND_CHAR(c); + skipping = bp >= buflim; + + if (copylev > 0 && !skipping) + *bp++ = c; /* check for backslash escapes */ if (c == '\\') @@ -1112,8 +1088,8 @@ crackaddr(addr, e) p--; goto putg; } - if (copylev > 0) - SM_APPEND_CHAR(c); + if (copylev > 0 && !skipping) + *bp++ = c; goto putg; } @@ -1121,14 +1097,8 @@ crackaddr(addr, e) if (c == '"' && cmtlev <= 0) { qmode = !qmode; - if (copylev > 0 && SM_HAVE_ROOM) - { - if (realqmode) - buflim--; - else - buflim++; + if (copylev > 0 && !skipping) realqmode = !realqmode; - } continue; } if (qmode) @@ -1140,15 +1110,15 @@ crackaddr(addr, e) cmtlev++; /* allow space for closing paren */ - if (SM_HAVE_ROOM) + if (!skipping) { buflim--; realcmtlev++; if (copylev++ <= 0) { if (bp != bufhead) - SM_APPEND_CHAR(' '); - SM_APPEND_CHAR(c); + *bp++ = ' '; + *bp++ = c; } } } @@ -1158,7 +1128,7 @@ crackaddr(addr, e) { cmtlev--; copylev--; - if (SM_HAVE_ROOM) + if (!skipping) { realcmtlev--; buflim++; @@ -1169,7 +1139,7 @@ crackaddr(addr, e) else if (c == ')') { /* syntax error: unmatched ) */ - if (copylev > 0 && SM_HAVE_ROOM) + if (copylev > 0 && !skipping) bp--; } @@ -1187,7 +1157,7 @@ crackaddr(addr, e) /* ** Check for DECnet phase IV ``::'' (host::user) - ** or DECnet phase V ``:.'' syntaxes. The latter + ** or ** DECnet phase V ``:.'' syntaxes. The latter ** covers ``user@DEC:.tay.myhost'' and ** ``DEC:.tay.myhost::user'' syntaxes (bletch). */ @@ -1196,10 +1166,10 @@ crackaddr(addr, e) { if (cmtlev <= 0 && !qmode) quoteit = true; - if (copylev > 0) + if (copylev > 0 && !skipping) { - SM_APPEND_CHAR(c); - SM_APPEND_CHAR(*p); + *bp++ = c; + *bp++ = *p; } p++; goto putg; @@ -1210,43 +1180,41 @@ crackaddr(addr, e) bp = bufhead; if (quoteit) { - SM_APPEND_CHAR('"'); + *bp++ = '"'; /* back up over the ':' and any spaces */ --p; - while (p > addr && - isascii(*--p) && isspace(*p)) + while (isascii(*--p) && isspace(*p)) continue; p++; } for (q = addrhead; q < p; ) { c = *q++; - if (quoteit && c == '"') + if (bp < buflim) { - SM_APPEND_CHAR('\\'); - SM_APPEND_CHAR(c); + if (quoteit && c == '"') + *bp++ = '\\'; + *bp++ = c; } - else - SM_APPEND_CHAR(c); } if (quoteit) { if (bp == &bufhead[1]) bp--; else - SM_APPEND_CHAR('"'); + *bp++ = '"'; while ((c = *p++) != ':') - SM_APPEND_CHAR(c); - SM_APPEND_CHAR(c); + { + if (bp < buflim) + *bp++ = c; + } + *bp++ = c; } /* any trailing white space is part of group: */ - while (isascii(*p) && isspace(*p)) - { - SM_APPEND_CHAR(*p); - p++; - } + while (isascii(*p) && isspace(*p) && bp < buflim) + *bp++ = *p++; copylev = 0; putgmac = quoteit = false; bufhead = bp; @@ -1255,7 +1223,10 @@ crackaddr(addr, e) } if (c == ';' && copylev <= 0 && !ColonOkInAddr) - SM_APPEND_CHAR(c); + { + if (bp < buflim) + *bp++ = c; + } /* check for characters that may have to be quoted */ if (strchr(MustQuoteChars, c) != NULL) @@ -1283,45 +1254,42 @@ crackaddr(addr, e) /* oops -- have to change our mind */ anglelev = 1; - if (SM_HAVE_ROOM) - { - if (!addangle) - buflim--; - addangle = true; - } + if (!skipping) + realanglelev = 1; bp = bufhead; if (quoteit) { - SM_APPEND_CHAR('"'); + *bp++ = '"'; /* back up over the '<' and any spaces */ --p; - while (p > addr && - isascii(*--p) && isspace(*p)) + while (isascii(*--p) && isspace(*p)) continue; p++; } for (q = addrhead; q < p; ) { c = *q++; - if (quoteit && c == '"') + if (bp < buflim) { - SM_APPEND_CHAR('\\'); - SM_APPEND_CHAR(c); + if (quoteit && c == '"') + *bp++ = '\\'; + *bp++ = c; } - else - SM_APPEND_CHAR(c); } if (quoteit) { if (bp == &buf[1]) bp--; else - SM_APPEND_CHAR('"'); + *bp++ = '"'; while ((c = *p++) != '<') - SM_APPEND_CHAR(c); - SM_APPEND_CHAR(c); + { + if (bp < buflim) + *bp++ = c; + } + *bp++ = c; } copylev = 0; putgmac = quoteit = false; @@ -1333,14 +1301,13 @@ crackaddr(addr, e) if (anglelev > 0) { anglelev--; - if (SM_HAVE_ROOM) + if (!skipping) { - if (addangle) - buflim++; - addangle = false; + realanglelev--; + buflim++; } } - else if (SM_HAVE_ROOM) + else if (!skipping) { /* syntax error: unmatched > */ if (copylev > 0) @@ -1349,7 +1316,7 @@ crackaddr(addr, e) continue; } if (copylev++ <= 0) - SM_APPEND_CHAR(c); + *bp++ = c; continue; } @@ -1357,42 +1324,30 @@ crackaddr(addr, e) putg: if (copylev <= 0 && !putgmac) { - if (bp > buf && bp[-1] == ')') - SM_APPEND_CHAR(' '); - SM_APPEND_CHAR(MACROEXPAND); - SM_APPEND_CHAR('g'); + if (bp > bufhead && bp[-1] == ')') + *bp++ = ' '; + *bp++ = MACROEXPAND; + *bp++ = 'g'; putgmac = true; } } /* repair any syntactic damage */ - if (realqmode && bp < bufend) + if (realqmode) *bp++ = '"'; - while (realcmtlev-- > 0 && bp < bufend) + while (realcmtlev-- > 0) *bp++ = ')'; - if (addangle && bp < bufend) + while (realanglelev-- > 0) *bp++ = '>'; - *bp = '\0'; - if (bp < bufend) - goto success; - - returng: - /* String too long, punt */ - buf[0] = '<'; - buf[1] = MACROEXPAND; - buf[2]= 'g'; - buf[3] = '>'; - buf[4]= '\0'; - sm_syslog(LOG_ALERT, e->e_id, - "Dropped invalid comments from header address"); - - success: + *bp++ = '\0'; + if (tTd(33, 1)) { sm_dprintf("crackaddr=>`"); xputs(buf); sm_dprintf("'\n"); } + return buf; } /* @@ -1457,7 +1412,7 @@ putheader(mci, hdr, e, flags) { size_t len; - len = fix_mime_header(h, e); + len = fix_mime_header(h->h_value); if (len > 0) { sm_syslog(LOG_ALERT, e->e_id, @@ -1500,28 +1455,13 @@ putheader(mci, hdr, e, flags) if (shorten_rfc822_string(h->h_value, MaxMimeHeaderLength)) { - if (len < MaxMimeHeaderLength) - { - /* we only rebalanced a bogus header */ - sm_syslog(LOG_ALERT, e->e_id, - "Fixed MIME %s header (possible attack)", - h->h_field); - if (tTd(34, 11)) - sm_dprintf(" fixed MIME %s header (possible attack)\n", - h->h_field); - } - else - { - /* we actually shortened header */ - sm_syslog(LOG_ALERT, e->e_id, - "Truncated long MIME %s header (length = %ld) (possible attack)", - h->h_field, - (unsigned long) len); - if (tTd(34, 11)) - sm_dprintf(" truncated long MIME %s header (length = %ld) (possible attack)\n", - h->h_field, - (unsigned long) len); - } + sm_syslog(LOG_ALERT, e->e_id, + "Truncated long MIME %s header (length = %ld) (possible attack)", + h->h_field, (unsigned long) len); + if (tTd(34, 11)) + sm_dprintf(" truncated long MIME %s header (length = %ld) (possible attack)\n", + h->h_field, + (unsigned long) len); } } @@ -1916,8 +1856,7 @@ copyheader(header, rpool) ** to MaxMimeFieldLength. ** ** Parameters: -** h -- the header to truncate/rebalance -** e -- the current envelope +** string -- the full header ** ** Returns: ** length of last offending field, 0 if all ok. @@ -1927,16 +1866,15 @@ copyheader(header, rpool) */ static size_t -fix_mime_header(h, e) - HDR *h; - ENVELOPE *e; +fix_mime_header(string) + char *string; { - char *begin = h->h_value; + char *begin = string; char *end; size_t len = 0; size_t retlen = 0; - if (begin == NULL || *begin == '\0') + if (string == NULL || *string == '\0') return 0; /* Split on each ';' */ @@ -1951,23 +1889,7 @@ fix_mime_header(h, e) /* Shorten individual parameter */ if (shorten_rfc822_string(begin, MaxMimeFieldLength)) - { - if (len < MaxMimeFieldLength) - { - /* we only rebalanced a bogus field */ - sm_syslog(LOG_ALERT, e->e_id, - "Fixed MIME %s header field (possible attack)", - h->h_field); - if (tTd(34, 11)) - sm_dprintf(" fixed MIME %s header field (possible attack)\n", - h->h_field); - } - else - { - /* we actually shortened the header */ - retlen = len; - } - } + retlen = len; /* Collapse the possibly shortened string with rest */ bp = begin + strlen(begin); diff --git a/contrib/sendmail/src/mci.c b/contrib/sendmail/src/mci.c index 033387b..5172333 100644 --- a/contrib/sendmail/src/mci.c +++ b/contrib/sendmail/src/mci.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 1998-2003 Sendmail, Inc. and its suppliers. + * Copyright (c) 1998-2002 Sendmail, Inc. and its suppliers. * All rights reserved. * Copyright (c) 1995-1997 Eric P. Allman. All rights reserved. * Copyright (c) 1988, 1993 @@ -13,7 +13,7 @@ #include <sendmail.h> -SM_RCSID("@(#)$Id: mci.c,v 8.205.2.3 2003/01/07 03:56:19 ca Exp $") +SM_RCSID("@(#)$Id: mci.c,v 8.205.2.2 2002/11/26 19:15:19 gshapiro Exp $") #if NETINET || NETINET6 # include <arpa/inet.h> @@ -1244,8 +1244,10 @@ mci_print_persistent(pathname, hostname) locked ? '*' : ' ', hostname, pintvl(curtime() - mcib.mci_lastuse, true)); if (mcib.mci_rstatus != NULL) + { (void) sm_io_fprintf(smioout, SM_TIME_DEFAULT, "%.*s\n", width, mcib.mci_rstatus); + } else if (mcib.mci_exitstat == EX_TEMPFAIL && mcib.mci_errno != 0) (void) sm_io_fprintf(smioout, SM_TIME_DEFAULT, "Deferred: %.*s\n", width - 10, diff --git a/contrib/sendmail/src/sendmail.8 b/contrib/sendmail/src/sendmail.8 index cf473c5..1c014fd 100644 --- a/contrib/sendmail/src/sendmail.8 +++ b/contrib/sendmail/src/sendmail.8 @@ -11,7 +11,7 @@ .\" .\" $Id: sendmail.8,v 8.51 2002/05/24 15:42:13 ca Exp $ .\" -.TH SENDMAIL 8 "$Date: 2002/05/24 15:42:13 $" +.TH SENDMAIL 8 "$Date: 2001/03/23 22:10:00 $" .SH NAME sendmail \- an electronic mail transport agent @@ -687,13 +687,13 @@ collected statistics /var/spool/mqueue/* temp files .SH SEE ALSO -binmail(1), mail(1), -rmail(1), syslog(3), aliases(5), mailaddr(7), -rc(8) +mail.local(8), +rc(8), +rmail(8) .PP DARPA Internet Request For Comments @@ -709,3 +709,4 @@ The .B sendmail command appeared in 4.2BSD. +.\" $FreeBSD$ |
