glenn@mathcs.emory.edu (Glenn Barry) (08/26/89)
(I'll send a copy of this to bsd-bugs and sun-bugs, I'm not sure who to
tell at AT&T or Apple. Please check to see if your version of Unix has
the problem and pass this info on to your vendor. --glenn)

Problem:
    Mail dumps core when processing an 'alias' command (in the .mailrc
    file) that is slightly greater than BUFSIZ bytes *and* uses
    continuation lines (end preceding line with backslash).

Systems:
    4.3BSD, 4.3-tahoe (not tested, but looks like it)
    System V Release 2 and 3
    SunOS 4.0.{0,1,3}
    A/UX 1.1
    (probably any Unix system derived from 4.XBSD and System V since
    most vendors' Mail/mailx seem to be derived from an early bsd
    version of Mail)

Caveat:
    Using continuation lines in the .mailrc is not in the man pages
    I've checked but the code supports it (well, almost:-) and it's
    "common" practice.

Repeat By:
    MAILRC=mailrc.boom Mail

    where the file mailrc.boom is the following (all my friends are
    nobodies:-):

alias t_fc nobody%asabet.DEC@decwrl.dec.com rayssd!raybed2.RAY.COM!nobody \
nobody@bbn.com nobody@beach.cis.ufl.edu nobody@csri.toronto.edu \
nobody@theory.cs.cmu.edu nobody@uhura.cc.rochester.edu attunix!nobody \
nobody!nobody nobody@bbn.com nobody@MSU.BITNET \
nobody%compsci.bristol.ac.uk@NSFnet-Relay.AC.UK \
nobody@isis.berkeley.edu att!cblpn!nobody sun!terrapin!nobody \
nobody%etive.edinburgh.ac.uk@NSFnet-Relay.AC.UK nobody@wellesley.edu \
nobody@usceast.UUCP nobody@eos.arc.nasa.gov nobody@dgbt.crc.dnd.ca \
nobody%ukc.ac.uk@NSFnet-Relay.AC.UK \
nobody%fulcrum.bt.co.uk@NSFnet-Relay.AC.UK nobody@cup.portal.com \
nobody.nobody%brunel.ac.uk@NSFnet-Relay.AC.UK nobody@dewey.udel.edu \
nobody@telesci.UUCP nobody@boulder.colorado.edu \
nobody%tisl.decnet@tisl.af.mil nobody-nobody@cs.yale.edu \
nobody@ifi.uio.no gatech!cs.utexas.edu!halley!nobody \
nobody.nobody@K.GP.CS.CMU.EDU cbnewsi.ATT.COM!nobody \
attbl!homxc!nobody homxc!nobody tridom!nobody \
nobody@blake.acs.washington.edu nobody@whoball.uucp

Slightly more detailed description:
    When reading one's .mailrc file and encountering an 'alias'
    command, commands() (lex.c) calls readline() (fio.c) for each line
    of input from the file (this includes individual continuation
    lines). A check is made that the line read is not greater than the
    size of the input buffer (LINESIZE = BUFSIZ = (usually) 1024). The
    problem is that the input line as a whole (the sum of the
    continuation lines) is not checked against LINESIZE, just each
    individual line (from the file) is checked. Thus, if the alias
    command "line" is slightly greater than LINESIZE, nasty things
    happen, like the stack gets blown away.

Fix:
    (for the SunOS 4.0 Mail, derived from System V Release 2 mailx,
    this will not work for the 4.3BSD Mail because readline() has been
    changed to use fgets(3))

    A possible (but kludgey) fix is to add another parameter to
    readline() which is a char ptr (or just use the input array,
    itself) pointing to the *start* of the input buffer. And then use
    it to check (in readline()) against the current input position to
    see if the buffer is "full". Also, the input buffer should probably
    be increased to allow (more) voluminous aliases.

--
Glenn T. Barry          | glenn@mathcs.emory.edu            Internet
Emory University        | {sun!sunatl,gatech}!emory!glenn   UUCP
Dept of Math and CS     | glenn@emory                       BITNET
Atlanta, GA 30322       | ph: (404) 727-5637
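
The per-line check described in the post, next to the start-of-buffer check it proposes, as an added example that is not part of the original post or of any Mail source. All function names and the sample line are constructed for illustration, and the flawed reader is only simulated: it counts the bytes it would store and writes nothing.

```c
#include <stdio.h>
#include <string.h>

#define LINESIZE 1024  /* the post gives LINESIZE = BUFSIZ, usually 1024 */
/* Constructed sample: a 57-byte physical line ending in a continuation '\'. */
static const char SEG[] = "nobody@example.com nobody@example.org nobody@example.net \\";

/* Length of a physical line without its trailing backslash; *cont is set
 * to 1 when the backslash was present (more lines follow). */
static size_t body_len(const char *line, int *cont)
{
    size_t len = strlen(line);
    *cont = len > 0 && line[len - 1] == '\\';
    return *cont ? len - 1 : len;
}

/* The check the post describes: each physical line is compared with LINESIZE,
 * the running total is not. Returns how many bytes such a reader would store
 * for n copies of SEG (0 if a single line is rejected). Nothing is written. */
size_t perline_check_total(size_t n)
{
    size_t total = 0;
    int cont;
    for (size_t i = 0; i < n; i++) {
        if (strlen(SEG) >= LINESIZE) return 0;
        total += body_len(SEG, &cont);
    }
    return total;
}

/* The fix sketched in the post: the reader knows where the buffer starts, so
 * the current position is checked against the space left in the whole buffer.
 * Returns the logical line length, or -1 if it does not fit (NUL included). */
int read_logical(char *start, size_t cap, size_t n)
{
    char *cur = start;
    int cont = 1;
    if (cap == 0) return -1;
    for (size_t i = 0; i < n && cont; i++) {
        size_t len = body_len(SEG, &cont);
        if (len >= cap - (size_t)(cur - start))
            return -1;          /* reject instead of writing past the buffer */
        memcpy(cur, SEG, len);
        cur += len;
    }
    *cur = '\0';
    return (int)(cur - start);
}

/* Convenience wrapper: n continuation lines into a LINESIZE buffer. */
int try_lines(size_t n) { static char buf[LINESIZE]; return read_logical(buf, sizeof buf, n); }
```

With 20 continuation lines the per-line check accepts every line although the total exceeds LINESIZE, while the whole-buffer check rejects the logical line.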