
router coredump in logit()



Matti,

the code of the logit() function around router.c:570 is incorrect.
It tries to cut down the "from" string if it is too long, but
if the "id" string is too long, it happens that baselen is
bigger than strlen(from)+MAXSAFESIZE, and the offset in line
574 "c = *(from+MAXSAFESIZE-baselen);" is negative.  This causes
a segfault.

This happened when someone put junk in the Message-ID header:
Message-ID: .........................something
Zmailer converted every dot into the text "(illegal something blah-blah)"
and "id" became longer than 1Kb.

Eugene
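
The offset problem reported above, as an added C example that is not ZMailer's router.c and not part of the original message: it shows the offset from line 574 going negative and a clamped alternative. The MAXSAFESIZE value, treating baselen as the id length, and the helper names raw_offset, from_keep and format_line are assumptions.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Assumed budget for one log line; the real value in router.c is not shown. */
#define MAXSAFESIZE 1024

/* Signed form of the reported offset: negative once baselen > MAXSAFESIZE. */
static long raw_offset(size_t baselen)
{
    return (long)MAXSAFESIZE - (long)baselen;
}

/* Bytes of `from` that may be kept: never negative, never past its end. */
static size_t from_keep(size_t fromlen, size_t baselen)
{
    if (baselen >= MAXSAFESIZE)
        return 0;                        /* id alone used up the budget */
    size_t room = MAXSAFESIZE - baselen;
    return fromlen < room ? fromlen : room;
}

/* Hypothetical helper: writes "<id> from=<from>" with both parts bounded.
 * Returns the number of bytes stored in out, excluding the NUL. */
static size_t format_line(char *out, size_t outsz, const char *id, const char *from)
{
    if (outsz == 0)
        return 0;
    size_t idlen = strlen(id);
    if (idlen > MAXSAFESIZE)
        idlen = MAXSAFESIZE;             /* cap the id too, not only from */
    size_t keep = from_keep(strlen(from), idlen);
    int n = snprintf(out, outsz, "%.*s from=%.*s", (int)idlen, id, (int)keep, from);
    if (n < 0)
        return 0;
    return (size_t)n < outsz ? (size_t)n : outsz - 1;
}

int main(void)
{
    char id[2048], line[MAXSAFESIZE + 16];
    memset(id, '.', sizeof id - 1);      /* constructed oversized Message-ID */
    id[sizeof id - 1] = '\0';
    size_t n = format_line(line, sizeof line, id, "user@example.org");
    printf("raw offset %ld, line length %zu\n", raw_offset(strlen(id)), n);
    return 0;
}
```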