From owner-freebsd-hackers@FreeBSD.ORG Mon Jan 19 13:48:57 2004 Return-Path: Delivered-To: freebsd-hackers@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 92F9516A4CE for ; Mon, 19 Jan 2004 13:48:57 -0800 (PST) Received: from reversedhell.net (reversedhell.net [216.240.143.80]) by mx1.FreeBSD.org (Postfix) with SMTP id DEF2143D1F for ; Mon, 19 Jan 2004 13:48:55 -0800 (PST) (envelope-from aanton@reversedhell.net) Received: (qmail 30846 invoked from network); 19 Jan 2004 21:51:12 -0000 Received: from unknown (HELO reversedhell.net) (81.196.32.25) by ns1.1plan.net with SMTP; 19 Jan 2004 21:51:12 -0000 Message-ID: <400C50EF.5080104@reversedhell.net> Date: Mon, 19 Jan 2004 23:49:35 +0200 From: Anton Alin-Adrian User-Agent: Mozilla/5.0 (X11; U; FreeBSD i386; en-US; rv:1.6b) Gecko/20031212 Thunderbird/0.4 X-Accept-Language: en-us, en MIME-Version: 1.0 To: freebsd-hackers@freebsd.org References: <20040120014314.S312-100000@prophet.alphaque.com> <400C3639.1000702@reversedhell.net> In-Reply-To: <400C3639.1000702@reversedhell.net> Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit Subject: Re: qmail remote patch X-BeenThere: freebsd-hackers@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Technical Discussions relating to FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 19 Jan 2004 21:48:57 -0000 This patch attempts to implement rfc821 a bit. Also it defines the pos var as unsigned. Working till now.. --- qmail-smtpd.c.orig Mon Jun 15 13:53:16 1998 +++ qmail-smtpd.c Mon Jan 19 23:29:35 2004 @@ -1,3 +1,15 @@ +/* +* This is a patched version of qmail, implementing RFC 821 regarding text line limitations. +* Developed by Alin-Adrian Anton (aanton@reversedhell.net,burebista@lasting.ro) +* +* You may remove this banner if it annoys you. This patch is public domain, for the +* benefit of the community. +* +* It also fixes an integer overflow in the blast() function. + NOTE: it implements the most relaxed RFC821, as it is specified there. +*/ + + #include "sig.h" #include "readwrite.h" #include "stralloc.h" @@ -48,7 +60,6 @@ void die_control() { out("421 unable to read controls (#4.3.0)\r\n"); flush(); _exit(1); } void die_ipme() { out("421 unable to figure out my IP addresses (#4.3.0)\r\n"); flush(); _exit(1); } void straynewline() { out("451 See http://pobox.com/~djb/docs/smtplf.html.\r\n"); flush(); _exit(1); } - void err_bmf() { out("553 sorry, your envelope sender is in my badmailfrom list (#5.7.1)\r\n"); } void err_nogateway() { out("553 sorry, that domain isn't in my list of allowed rcpthosts (#5.7.1)\r\n"); } void err_unimpl() { out("502 unimplemented (#5.5.1)\r\n"); } @@ -58,7 +69,7 @@ void err_noop() { out("250 ok\r\n"); } void err_vrfy() { out("252 send some mail, i'll try my best\r\n"); } void err_qqt() { out("451 qqt failure (#4.3.0)\r\n"); } - +void err_longline() { out("500 Line too long, please read RFC 821.\r\n"); flush(); _exit(1); } stralloc greeting = {0}; @@ -293,10 +304,46 @@ void blast(hops) int *hops; { + +/* +*RFC 821 August 1982 +* Simple Mail Transfer Protocol +* +* text line +* +* The maximum total length of a text line including the +* is 1000 characters (but not counting the leading +* dot duplicated for transparency). +* +* recipients buffer +* +* The maximum total number of recipients that must be +* buffered is 100 recipients. +* +* +* **************************************************** +* * * +* * TO THE MAXIMUM EXTENT POSSIBLE, IMPLEMENTATION * +* * TECHNIQUES WHICH IMPOSE NO LIMITS ON THE LENGTH * +* * OF THESE OBJECTS SHOULD BE USED. * +* * * +* **************************************************** +* +* Errors due to exceeding these limits may be reported by using +* the reply codes, for example: +* +* 500 Line too long. +* +* 501 Path too long +* +* 552 Too many recipients. +* +* 552 Too much mail data. +*/ char ch; int state; int flaginheader; - int pos; /* number of bytes since most recent \n, if fih */ + unsigned int pos; /* number of bytes since most recent \n, if fih */ int flagmaybex; /* 1 if this line might match RECEIVED, if fih */ int flagmaybey; /* 1 if this line might match \r\n, if fih */ int flagmaybez; /* 1 if this line might match DELIVERED, if fih */ @@ -317,7 +364,8 @@ if (pos < 2) if (ch != "\r\n"[pos]) flagmaybey = 0; if (flagmaybey) if (pos == 1) flaginheader = 0; } - ++pos; + if (++pos>65535-1) err_longline(); /* will bail out nicely with err 500 */ + if (ch == '\n') { pos = 0; flagmaybex = flagmaybey = flagmaybez = 1; } } switch(state) {