steve@eleazar.dartmouth.edu (Steve Campbell) (02/18/89)
Subject: Long headers cause sendmail loop (5.59, 5.61) +FIX
Index: usr.lib/sendmail/src/util.c 4.3BSD

Description:
Sendmail will loop in sfgets if you feed it a message with a header (often the To:) that exceeds sendmail's 2500 byte MAXFIELD limit. The reason is that collect() calls sfgets() (at line 124 in collect.c) with a length argument that varies, and when the header exceeds 2500 bytes, that argument goes negative, causing a loop in sfgets.

Repeat-By:
Feed sendmail a message with enough recipients to exceed 2500 bytes. This can happen when the original recipients' addresses are "user" but get rewritten to "user@domain".

Fix:
The complete fix is to make collect() more intelligent about handling long headers. Would someone like to step forward? A damage-control fix is to make sfgets check its length arg. Here are patches for 5.61.

*** /tmp/,RCSt1013479 Wed Feb 15 14:44:23 1989 --- util.c Wed Feb 15 13:05:00 1989 *************** *** 582,587 **** --- 582,594 ---- register char *p; extern readtimeout(); + /* check for reasonable siz arg */ + if (siz < 1) + { + buf[0] = '\0'; + return (NULL); + } + /* set the timeout */ if (ReadTimeout != 0) {
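
Review bot: The buf[0] = '\0' store inside the new (siz < 1) branch writes into a buffer that the caller has just said has no room left. The description says collect() passes a length that goes negative once the header passes MAXFIELD, so in exactly the case this check is meant to catch, buf[0] is at or past the end of the caller's space and the store is itself an out-of-bounds write. Suggest dropping the store and keeping only return (NULL), or clamping the pointer and length in collect() so sfgets never sees an exhausted buffer. The branch is also silent: a syslog entry here would let an operator see that an oversized header was refused, and the comment could say what the caller is expected to do with this NULL, since a bare NULL does not tell it why the read was refused.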