[comp.mail.sendmail] Unsafe test for invalid control chars

e07@nikhefh.nikhef.nl (Eric Wassenaar) (05/17/91)

The IDA versions of sendmail call invalidaddr() in the beginning
of parseaddr() just before the call to prescan(), in order to catch
addresses containing invalid control characters by which prescan
may get confused. However, if such an event happens, parseaddr()
immediately returns without setting the global variable DelimChar
which is needed by sendtolist() in case a multi-recipient list
is being processed. Normally, DelimChar is set by prescan().
DelimChar is now completely undefined (probably pointing to the
end of an address for which prescan() has been called earlier,
hopefully pointing to a '\0' byte. In that case, the whole list
of addresses gets rejected, otherwise disaster may follow).

Here are the relevant pieces of code from recipient.c and parseaddr.c:

sendtolist(list, ctladdr, sendq)
{
	/* ... */
	for (p = list; *p != '\0'; )
	{
		a = parseaddr(p, (ADDRESS *) NULL, 1, delimiter);
		p = DelimChar;	/* stale if parseaddr() returned before prescan() */
		if (a == NULL)
			continue;
		/* ... */
	}
}

parseaddr(addr, a, copyf, delim)
{
	/* ... */
	if (invalidaddr(addr))
		return (NULL);	/* returns without setting DelimChar */

	pvp = prescan(addr, delim, pvpbuf);	/* normally sets DelimChar */
	if (pvp == NULL)
		return (NULL);
	/* ... */
}

Suggested fix:

Using my recently posted routine find_delim() and temporarily
patching the address list to test only the one relevant recipient,
change the call to invalidaddr() to:

	{
		extern char *find_delim();
		extern char *DelimChar;
		char savec;
		bool invalid;

		/* set DelimChar before any early return */
		DelimChar = find_delim(addr, delim);
		/* temporarily end the list after this recipient */
		savec = *DelimChar;
		*DelimChar = '\0';
		invalid = invalidaddr(addr);
		*DelimChar = savec;
		if (invalid)
			return (NULL);
	}

Eric Wassenaar
-- 
Organization: NIKHEF-H, National Institute for Nuclear and High-Energy Physics
Address: Kruislaan 409, P.O. Box 41882, 1009 DB Amsterdam, the Netherlands
Phone: +31 20 592 0412, Home: +31 20 6909449, Telefax: +31 20 592 5155
Internet: e07@nikhef.nl
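
Added example, not part of the original post and not sendmail source: a small C model of the loop described above, comparing the original check with the patched one on a constructed three-recipient list. The names find_delim_simple(), has_ctrl(), parse_one() and demo() are hypothetical; find_delim_simple() ignores quoting and comments, and the stale DelimChar is constructed to point at a '\0' byte so the run stays well defined.

```c
#include <ctype.h>

static char *DelimChar;	/* models sendmail's global of the same name */

/* Hypothetical stand-in for find_delim(): no quote or comment handling. */
static char *find_delim_simple(char *addr, char delim)
{
	while (*addr != '\0' && *addr != delim)
		addr++;
	return addr;
}

/* Simplified invalidaddr(): scans up to the terminating '\0'. */
static int has_ctrl(const char *s)
{
	while (*s != '\0' && !iscntrl((unsigned char) *s))
		s++;
	return *s != '\0';
}

/* Model of parseaddr(): 1 where it would return an address, 0 for NULL. */
static int parse_one(char *addr, char delim, int fixed)
{
	if (!fixed && has_ctrl(addr))	/* original: scans the rest of the list */
		return 0;		/* and returns with DelimChar stale */
	DelimChar = find_delim_simple(addr, delim);	/* prescan() would set this */
	char savec = *DelimChar;
	*DelimChar = '\0';		/* test only this one recipient */
	int invalid = has_ctrl(addr);
	*DelimChar = savec;
	return !invalid;
}

/* Model of the sendtolist() loop; returns how many recipients were accepted. */
int demo(int fixed)
{
	static char nul[] = "";
	char list[] = "alice@a,bo\001b@b,carol@c";	/* constructed sample */
	char *p = list;
	int n = 0;
	DelimChar = nul;	/* constructed stale value: the "'\0' byte" case */
	while (*p != '\0') {
		n += parse_one(p, ',', fixed);
		p = DelimChar + (*DelimChar == ',');	/* model: step over delimiter */
	}
	return n;
}

int main(void) { return !(demo(0) == 0 && demo(1) == 2); }
```

With the original check the control character in the second recipient rejects the whole list; with the patched check only that recipient is dropped.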