
Re: Router crash



>   It appears that the router will crash if any header entry exceeds 100000
> characters.  I've tested this on 2.99.27 and 2.99.39, and it causes a
> total router failure.
> 
>   scan822() in rfc822scan.c calls copyToken() 
> 
>   In lib/token.c, copyToken(), there is the following code:
> 
> 	if (ct->t_len > 100000)
> 		abort();
> 
>   When scan822() in rfc822scan.c calls copyToken() on line 344, and
> scan822 has been scanning a very long header entry, the router will
> abort.

	... in our series of sanitychecks that nobody should ever
	reach...  Yeah :-)

	I could increase that limit to the sky (10M ?), but it would just
	make it more likely that system crashes because swap becomes
	exhausted, or some such.

>   copyToken should return an error result rather than aborting, and the
> message file should be re-linked into $POSTOFFICE/postman.  Also, the limit
> of 100000 seems to be a bit small.  The router should be able to handle
> header entries at least double that.
> 
>   I will send anyone who asks a copy of a message that has a very long
> (over 200000 characters), continued To: entry to test this with.

	I got an edited down version of it from Mr. Folliott.
	The original one was sent from  <ibmpcug@VNET.IBM.COM> ?
	My colleagues at work were incredulous at such appalling
	monster -- to put it mildly :-)

	I have now rearranged the lines of  copyToken(),  and now it at
	first figures out the "tlen", clamps it down to 50k, and
	proceeds to copy the first 50k (or less) of the token.
	(No more abort, neither quite exactly correct behaviour ;-) )

> Tom

	/Matti Aarnio
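
Added example, not part of the original message and not the router's own code: a C sketch of the clamp-instead-of-abort approach described in the reply, where the token length is computed first, clamped to 50k, and only that much is copied. The struct layout, the `truncated` flag, and the names `copy_token_clamped`, `make_token` and `free_token` are assumptions; only `t_len` and the 50k figure come from the thread.

```c
#include <stdlib.h>
#include <string.h>

#define TOKEN_CLAMP 50000u      /* the 50k clamp described in the reply */

/* Hypothetical token type: only the field name t_len comes from the post. */
struct token {
    char  *text;        /* token bytes; copies are NUL-terminated */
    size_t t_len;       /* length in bytes */
    int    truncated;   /* added flag: set when the copy was clamped */
};

/* Constructed sample input: a token of n 'a' bytes. */
struct token *make_token(size_t n)
{
    struct token *t = malloc(sizeof *t);
    if (t == NULL) return NULL;
    t->text = malloc(n + 1);
    if (t->text == NULL) { free(t); return NULL; }
    memset(t->text, 'a', n);
    t->text[n] = '\0';
    t->t_len = n;
    t->truncated = 0;
    return t;
}

/* Copy a token without abort(): work out the length first, clamp it, then
 * copy at most TOKEN_CLAMP bytes. NULL means bad input or out of memory,
 * which the caller can treat as a per-message failure. */
struct token *copy_token_clamped(const struct token *ct)
{
    struct token *nt;
    size_t tlen;

    if (ct == NULL || ct->text == NULL) return NULL;
    tlen = ct->t_len > TOKEN_CLAMP ? TOKEN_CLAMP : ct->t_len;
    nt = make_token(tlen);              /* allocates tlen + 1 bytes */
    if (nt == NULL) return NULL;
    memcpy(nt->text, ct->text, tlen);
    nt->truncated = ct->t_len > TOKEN_CLAMP;
    return nt;
}

void free_token(struct token *t)
{
    if (t != NULL) { free(t->text); free(t); }
}
```

The `truncated` flag lets a caller defer or reject a message whose header was cut short rather than processing a silently shortened address list.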