Bugtraq mailing list archives
From the sendmail 8.8.5 patch
From: aleph1 () dfw net (Aleph One)
Date: Tue, 21 Jan 1997 21:30:17 -0600
SENDMAIL RELEASE NOTES ! @(#)RELEASE_NOTES 8.8.5.3 (Berkeley) 1/21/97 This listing shows the version of the sendmail binary, the version of the sendmail configuration files, the date of release, and a summary of the changes in that release. + + 8.8.5/8.8.5 97/01/21 + SECURITY: Clear out group list during startup. Without this, sendmail + will continue to run with the group permissions of the caller, + even if RunAsUser is specified. + SECURITY: Make purgestat (-bH) be root-only. This is not in response + to any known attack, but it's best to be conservative. + Suggested by Peter Wemm of DIALix. + SECURITY: Fix buffer overrun problem in MIME code that has possible + security implications. Patch from Alex Garthwaite of the + University of Pennsylvania. diff -r -c sendmail-8.8.4/src/mime.c sendmail-8.8.5/src/mime.c *** sendmail-8.8.4/src/mime.c Sun Nov 24 07:27:26 1996 --- sendmail-8.8.5/src/mime.c Tue Jan 14 17:21:22 1997 *************** *** 36,42 **** # include <string.h> #ifndef lint ! static char sccsid[] = "@(#)mime.c 8.51 (Berkeley) 11/24/96"; #endif /* not lint */ /* --- 36,42 ---- # include <string.h> #ifndef lint ! static char sccsid[] = "@(#)mime.c 8.54 (Berkeley) 1/14/97"; #endif /* not lint */ /* *************** *** 958,967 **** register char *p; char *cte; char **pvp; - u_char *obp; u_char *fbufp; char buf[MAXLINE]; - u_char obuf[MAXLINE + 1]; u_char fbuf[MAXLINE + 1]; char pvpbuf[MAXLINE]; extern u_char MimeTokenTab[256]; --- 958,965 ---- *************** *** 1045,1053 **** c2 = CHAR64(c2); *fbufp = (c1 << 2) | ((c2 & 0x30) >> 4); ! if (*fbufp++ == '\n' || fbuf >= &fbuf[MAXLINE]) { ! if (*--fbufp != '\n' || *--fbufp != '\r') fbufp++; *fbufp = '\0'; putline((char *) fbuf, mci); --- 1043,1052 ---- c2 = CHAR64(c2); *fbufp = (c1 << 2) | ((c2 & 0x30) >> 4); ! if (*fbufp++ == '\n' || fbufp >= &fbuf[MAXLINE]) { ! if (*--fbufp != '\n' || ! 
(fbufp > fbuf && *--fbufp != '\r')) fbufp++; *fbufp = '\0'; putline((char *) fbuf, mci); *************** *** 1057,1065 **** continue; c3 = CHAR64(c3); *fbufp = ((c2 & 0x0f) << 4) | ((c3 & 0x3c) >> 2); ! if (*fbufp++ == '\n' || fbuf >= &fbuf[MAXLINE]) { ! if (*--fbufp != '\n' || *--fbufp != '\r') fbufp++; *fbufp = '\0'; putline((char *) fbuf, mci); --- 1056,1065 ---- continue; c3 = CHAR64(c3); *fbufp = ((c2 & 0x0f) << 4) | ((c3 & 0x3c) >> 2); ! if (*fbufp++ == '\n' || fbufp >= &fbuf[MAXLINE]) { ! if (*--fbufp != '\n' || ! (fbufp > fbuf && *--fbufp != '\r')) fbufp++; *fbufp = '\0'; putline((char *) fbuf, mci); *************** *** 1069,1103 **** continue; c4 = CHAR64(c4); *fbufp = ((c3 & 0x03) << 6) | c4; ! if (*fbufp++ == '\n' || fbuf >= &fbuf[MAXLINE]) { ! if (*--fbufp != '\n' || *--fbufp != '\r') fbufp++; *fbufp = '\0'; putline((char *) fbuf, mci); fbufp = fbuf; } } - - /* force out partial last line */ - if (fbufp > fbuf) - { - *fbufp = '\0'; - putline((char *) fbuf, mci); - } } else { /* quoted-printable */ ! obp = obuf; while (fgets(buf, sizeof buf, e->e_dfp) != NULL) { ! if (mime_fromqp((u_char *) buf, &obp, 0, &obuf[MAXLINE] - obp) == 0) continue; ! putline((char *) obuf, mci); ! obp = obuf; } } if (tTd(43, 3)) printf("\t\t\tmime7to8 => %s to 8bit done\n", cte); --- 1069,1105 ---- continue; c4 = CHAR64(c4); *fbufp = ((c3 & 0x03) << 6) | c4; ! if (*fbufp++ == '\n' || fbufp >= &fbuf[MAXLINE]) { ! if (*--fbufp != '\n' || ! (fbufp > fbuf && *--fbufp != '\r')) fbufp++; *fbufp = '\0'; putline((char *) fbuf, mci); fbufp = fbuf; } } } else { /* quoted-printable */ ! fbufp = fbuf; while (fgets(buf, sizeof buf, e->e_dfp) != NULL) { ! if (mime_fromqp((u_char *) buf, &fbufp, 0, ! &fbuf[MAXLINE] - fbufp) == 0) continue; ! putline((char *) fbuf, mci); ! 
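Review bot: The flush-and-trim sequence at new lines 1043-1052 is repeated unchanged in the two hunks that follow (new lines 1056-1065 and 1069-1105), and the `fbuf >= &fbuf[MAXLINE]` typo this patch corrects sat in all three copies. The bound that keeps `*fbufp = '\0'` inside `fbuf[MAXLINE + 1]` is therefore easy to break again in just one of them, so folding the copies into a single helper or macro would leave one place to audit. At minimum, add a comment above each test such as `/* flush at MAXLINE: fbuf has MAXLINE + 1 bytes, so the '\0' store below stays in bounds */`, and one on the new guard, `/* do not look for '\r' before the start of fbuf */`. The enclosing function starts and ends outside these hunks.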
fbufp = fbuf; } + } + + /* force out partial last line */ + if (fbufp > fbuf) + { + *fbufp = '\0'; + putline((char *) fbuf, mci); } if (tTd(43, 3)) printf("\t\t\tmime7to8 => %s to 8bit done\n", cte); Aleph One / aleph1 () dfw net http://underground.org/ KeyID 1024/948FD6B5 Fingerprint EE C9 E8 AA CB AF 09 61 8C 39 EA 47 A8 6A B8 01
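Review bot: The quoted-printable loop passes `&fbuf[MAXLINE] - fbufp` as the space left, and when `mime_fromqp()` returns 0 it continues without resetting `fbufp`, so the remaining length shrinks across calls and can reach 0. The relocated "force out partial last line" block then stores `*fbufp = '\0'`, which is in bounds only if `mime_fromqp()` never advances `fbufp` past the length it is given. That function is not part of this patch, so its handling of a zero or exhausted length should be confirmed there. A comment at the call would record the contract, for example `/* mime_fromqp must not advance fbufp beyond &fbuf[MAXLINE]; fbuf[MAXLINE] is reserved for the '\0' */`.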