Date: Wed, 7 Jan 2004 18:26:11 +0300 (MSK)
From: Oleg Bulyzhin <oleg@rinet.ru>
To: FreeBSD-gnats-submit@FreeBSD.org
Cc: gshapiro@FreeBSD.org
Subject: bin/61019: [PATCH] wrong tokenization of unstructured data
Message-ID: <200401071526.i07FQB7S023443@lath.rinet.ru>
Resent-Message-ID: <200401071530.i07FUMJe016571@freefall.freebsd.org>

>Number:         61019
>Category:       bin
>Synopsis:       [PATCH] wrong tokenization of unstructured data
>Confidential:   no
>Severity:       non-critical
>Priority:       low
>Responsible:    freebsd-bugs
>State:          open
>Quarter:
>Keywords:
>Date-Required:
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Wed Jan 07 07:30:21 PST 2004
>Closed-Date:
>Last-Modified:
>Originator:     Oleg Bulyzhin
>Release:        FreeBSD 4.9-RELEASE-p1 i386
>Organization:
Cronyx Plus LLC
>Environment:
System: FreeBSD lath.rinet.ru 4.9-RELEASE-p1 FreeBSD 4.9-RELEASE-p1 #1: Thu Dec 11 14:25:00 MSK 2003 root@lath.rinet.ru:/lh/obj/lh/src/sys/lath i386

All sendmail versions are affected (8.12.* 8.11.* 8.9.*)
>Description:
Sendmail uses the prescan() function for data tokenization. This function
uses some implicit checks and conversions (like checks for unbalanced
braces, angle braces, etc.). When prescan() is used for 'unstructured' data
tokenization (mail headers, for example) the global variable SuprErrs is set
to 'true' and all those error messages are just skipped, but 'syntax
enforcing' still works (unbalanced '>' stripping, for example).
Due to this prescan() behaviour certain symbols are 'invisible' to
sendmail. This can lead to wrong mail filtering (and maybe other ugly
things).
>How-To-Repeat:
Add the following to sendmail.cf:

	Ksyslog syslog
	HSubject: $>+log_subject
	Slog_subject
	R$*	$: $(syslog "Subject: " $1 $)

Restart sendmail, then do the following:

	root@lath# echo | mail -s '-->bug<--' postmaster@localhost
	root@lath# grep "Subject:" /var/log/maillog
	Jan 7 17:59:19 lath sm-mta[23337]: i07ExJ3O023337: Subject: --bug<-->
	root@lath#

Subject '-->bug<--' was converted to '--bug<-->': the '>' symbol was
unbalanced and prescan() stripped it. Then prescan() found the unbalanced
'<' and added an extra '>' symbol.
>Fix:
Well, to my mind there is a design flaw: there should be 2 different
functions: one for tokenization only and the other for syntax checks.
Though my sendmail knowledge is not deep enough - maybe I'm wrong.
Anyway here is little (without altering whole sendmail sources) patch for sendmail 8.12.9p2: --- parseaddr.c.orig Thu Sep 25 08:53:37 2003 +++ parseaddr.c Wed Dec 31 17:49:47 2003 @@ -721,6 +721,8 @@ c = (*p++) & 0x00ff; if (c == '\0') { + if (SuprErrs) break; + /* diagnose and patch up bad syntax */ if (state == QST) { @@ -748,7 +750,7 @@ break; /* special case for better error management */ - if (delim == ',' && !route_syntax) + if (delim == ',' && !route_syntax && !SuprErrs) { usrerr("553 Unbalanced '<'"); c = '>'; @@ -824,7 +826,7 @@ if (anglecnt <= 0) { usrerr("553 Unbalanced '>'"); - c = NOCHAR; + if (!SuprErrs) c = NOCHAR; } else anglecnt--; >Release-Note: >Audit-Trail: >Unformatted:
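Review bot: In the first hunk (@@ -721,6 +721,8 @@), the added `if (SuprErrs) break;` at `c == '\0'` skips the whole "diagnose and patch up bad syntax" block, including the `state == QST` case, for every caller that runs with error reporting suppressed, not only for unstructured header text. SuprErrs is a global that controls whether errors are reported; using it to select a parsing mode means that any address parsed with errors suppressed also loses the end-of-input repair. Consider giving prescan() an explicit "tokenize only" argument (the split the submitter proposes in the Fix text) and testing that instead, and put `break;` on its own line to match the surrounding style.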
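Review bot: In the second hunk (@@ -748,7 +750,7 @@), the added `&& !SuprErrs` leaves the comment "special case for better error management" describing only part of the condition: the test now also decides whether `c = '>'` is synthesized, which changes the token stream and not just the error report. Please extend the comment to say that the input is passed through unmodified when errors are suppressed, and say what then happens to the delimiter, since the lines after the block are not visible in the hunk.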
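Review bot: In the third hunk (@@ -824,7 +826,7 @@), `usrerr("553 Unbalanced '>'")` stays outside the new `if (!SuprErrs)` test, while the second hunk places its usrerr() call inside the SuprErrs condition, so the two unbalanced-bracket paths are now guarded differently. Either wrap both statements in one `if (!SuprErrs)` block or keep the call and add a comment that the unbalanced '>' is deliberately kept as data when errors are suppressed. The one-line `if (!SuprErrs) c = NOCHAR;` also departs from the one-statement-per-line layout of the surrounding code.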
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200401071526.i07FQB7S023443>
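
The rewriting described in the report, as a small stand-alone C model added here (it is not sendmail's code and not part of the original message). The names model_scan and header_is_rewritten are hypothetical, and the model covers only the angle-bracket counting, ignoring quotes, comments and token splitting; a filter author can use the second function to spot header values that a ruleset would see in altered form.

```c
#include <stdio.h>
#include <string.h>

/* Simplified model (an assumption, NOT sendmail's prescan(): no quotes,
 * comments or tokens). patch_up=1: behaviour seen in the report;
 * patch_up=0: tokenization only. Returns length, or -1 if out is too small. */
static int model_scan(const char *in, char *out, size_t outsz, int patch_up)
{
	size_t n = 0;
	int anglecnt = 0;	/* number of '<' still waiting for a '>' */

	if (outsz == 0)
		return -1;
	for (; *in != '\0'; in++) {
		if (*in == '<')
			anglecnt++;
		else if (*in == '>') {
			if (anglecnt > 0)
				anglecnt--;
			else if (patch_up)
				continue;	/* unbalanced '>' is dropped */
		}
		if (n + 1 >= outsz)
			return -1;
		out[n++] = *in;
	}
	/* at end of input every still-open '<' gets a synthesized '>' */
	while (patch_up && anglecnt-- > 0) {
		if (n + 1 >= outsz)
			return -1;
		out[n++] = '>';
	}
	out[n] = '\0';
	return (int)n;
}

/* 1 if a ruleset would see something other than the raw header value */
static int header_is_rewritten(const char *hdr)
{
	char buf[256];
	return model_scan(hdr, buf, sizeof(buf), 1) < 0 || strcmp(hdr, buf) != 0;
}

int main(void)
{
	char buf[256];
	model_scan("-->bug<--", buf, sizeof(buf), 1);	/* subject from the report */
	printf("%s rewritten=%d\n", buf, header_is_rewritten("-->bug<--"));
	return 0;
}
```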