steve@eleazar.dartmouth.edu (Steve Campbell) (02/18/89)
Subject: Long headers cause sendmail loop (5.59, 5.61) +FIX
Index: usr.lib/sendmail/src/util.c 4.3BSD
Description:
Sendmail will loop in sfgets if you feed it a message with a
header (often the To:) that exceeds sendmail's 2500 byte
MAXFIELD limit. The reason is that collect() calls sfgets()
(at line 124 in collect.c) with a length argument that varies,
and when the header exceeds 2500 bytes, that argument goes
negative, causing a loop in sfgets.
Repeat-By:
Feed sendmail a message with enough recipients to exceed 2500
bytes. This can happen when the original recipients' addresses
are "user" but get rewritten to "user@domain".
Fix:
The complete fix is to make collect() more intelligent about
handling long headers. Would someone like to step forward?
A damage-control fix is to make sfgets check its length arg.
Here are patches for 5.61.
*** /tmp/,RCSt1013479 Wed Feb 15 14:44:23 1989
--- util.c Wed Feb 15 13:05:00 1989
***************
*** 582,587 ****
--- 582,594 ----
register char *p;
extern readtimeout();
+ /* check for reasonable siz arg */
+ if (siz < 1)
+ {
+ buf[0] = '\0';
+ return (NULL);
+ }
+
/* set the timeout */
if (ReadTimeout != 0)
{