From owner-freebsd-ports  Thu Nov 11 13:20:14 1999
Delivered-To: freebsd-ports@freebsd.org
Received: from freefall.freebsd.org (freefall.FreeBSD.ORG [204.216.27.21])
	by hub.freebsd.org (Postfix) with ESMTP id 113BA14D30
	for <freebsd-ports@FreeBSD.org>; Thu, 11 Nov 1999 13:20:06 -0800 (PST)
	(envelope-from gnats@FreeBSD.org)
Received: (from gnats@localhost)
	by freefall.freebsd.org (8.9.3/8.9.2) id NAA08690;
	Thu, 11 Nov 1999 13:20:06 -0800 (PST)
	(envelope-from gnats@FreeBSD.org)
Received: from blaubaer.kn-bremen.de (blaubaer.kn-bremen.de [195.37.179.254])
	by hub.freebsd.org (Postfix) with ESMTP id A981A14C82
	for <FreeBSD-gnats-submit@freebsd.org>; Thu, 11 Nov 1999 13:10:22 -0800 (PST)
	(envelope-from nox@saturn.kn-bremen.de)
Received: from saturn.kn-bremen.de (uucp@localhost)
	by blaubaer.kn-bremen.de (8.9.1/8.9.1) with UUCP id WAA28382
	for FreeBSD-gnats-submit@freebsd.org; Thu, 11 Nov 1999 22:08:54 +0100
Received: (from nox@localhost)
	by saturn.kn-bremen.de (8.9.3/8.8.5) id WAA08087;
	Thu, 11 Nov 1999 22:01:15 +0100 (MET)
Message-Id: <199911112101.WAA08087@saturn.kn-bremen.de>
Date: Thu, 11 Nov 1999 22:01:15 +0100 (MET)
From: Juergen Lock <nox@jelal.kn-bremen.de>
Reply-To: nox@jelal.kn-bremen.de
To: FreeBSD-gnats-submit@freebsd.org
X-Send-Pr-Version: 3.2
Subject: ports/14826: security/fwtk smapd calls sendmail with wrong flags
Sender: owner-freebsd-ports@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org


>Number:         14826
>Category:       ports
>Synopsis:       security/fwtk smapd calls sendmail with wrong flags
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    freebsd-ports
>State:          open
>Quarter:        
>Keywords:       
>Date-Required:
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Thu Nov 11 13:20:01 PST 1999
>Closed-Date:
>Last-Modified:
>Originator:     Juergen Lock
>Release:        FreeBSD 3.3-STABLE i386
>Organization:
me?  organized?
>Environment:

	3.3-STABLE i386, fwtk-2.1

>Description:

	fwtk's smapd calls sendmail without the -i flag when passing
	it mail from smap, resulting in truncated mail when a line
	starts with a `.'.

	(More patches for fwtk can be found at
	http://www.fwtk.org/fwtk/patches/patches.html,
	this is just the one appearing to be most critical...)

>How-To-Repeat:

	Put a line with a '.' in a mail sent to a host running
	smap/smapd.

>Fix:

--- /dev/null	Thu Nov 11 21:48:19 1999
+++ patches/patch-ba	Thu Nov 11 20:47:59 1999
@@ -0,0 +1,19 @@
+Index: smapd/smapd.c
+@@ -493,7 +493,7 @@
+ 
+ 		i = 0;
+ 		faka[i++] = smailprog;
+-		faka[i++] = "-f";
++		faka[i++] = "-if";
+ 		faka[i++] = fromaddr;
+ 
+ 		while(nrec != (struct towho *)0) {
+@@ -749,7 +749,7 @@
+ 
+ 	i = 0;
+ 	faka[i++] = smailprog;
+-	faka[i++] = "-f";
++	faka[i++] = "-if";
+ 	faka[i++] = "root";
+ 	faka[i++] = admin;
+ 	faka[i] = (char *)0;

>Release-Note:
>Audit-Trail:
>Unformatted:


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-ports" in the body of the message