
2.99.39 smtpserver patch



In zmailer-2.99.39 there is a bug in smtpserver's HELO syntax
parser, which manifests itself as faulty pointer arithmetic.
This fix hides the real problem by introducing a sanity limit
on how long a line can be -- assuming the errors are made
with hand-typed SMTP, the lines can't be very long.

Anyway, without this a malformed SMTP HELO greeting can blow your
log-file (and the remote user's senses).

	/Matti Aarnio <mea@nic.funet.fi>


--- smtpserver.c~	Fri Oct 25 21:46:53 1996
+++ smtpserver.c	Mon Oct 28 11:31:38 1996
@@ -2776,17 +2776,17 @@
 	void *s1, *s2, *s3; /* XX: Propably not portable.. */
 {
 	char *s = inbuf+3+strlen(status)+1;
+	int maxcnt = 200;
 
 	printf("%03d-%s ", code < 0 ? -code : code,status);
 	if (logfp != NULL)
 	  fprintf(logfp, "%dw\t%03d-%s ", pid, code,status);
-	if (((int)(rfc821_error_ptr - s)) < 200)
-	  while (s < rfc821_error_ptr) {
-	    ++s;
-	    putc(' ',stdout);
-	    if (logfp != NULL)
-	      putc(' ',logfp);
-	  }
+	while (s < rfc821_error_ptr && --maxcnt >= 0) {
+	  ++s;
+	  putc(' ',stdout);
+	  if (logfp != NULL)
+	    putc(' ',logfp);
+	}
 	printf("^\n");
 	if (logfp != NULL)
 	  fprintf(logfp,"^\n");
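Review bot: The cap in the new `while (s < rfc821_error_ptr && --maxcnt >= 0)` loop truncates the padding silently, so when rfc821_error_ptr lies more than 200 bytes past s the "^" is still printed and lands at a fixed offset instead of under the error (the removed code had the same flaw in a different form: it skipped the padding entirely but still printed the caret). Suggest checking before the loop that rfc821_error_ptr actually falls between s and the end of inbuf, and omitting the caret line, or logging a short marker instead, when it does not; that addresses the bad pointer value itself instead of only bounding its effect on stdout and logfp. The literal 200 in `int maxcnt = 200;` would also read better as a named constant with a comment saying which line-length assumption it encodes.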