Date: Mon, 19 Jan 2004 21:41:07 +0800 From: "Xin LI" <delphij@frontfree.net> To: "Anton Alin-Adrian" <aanton@reversedhell.net>, <freebsd-hackers@freebsd.org> Subject: Re: qmail remote root patch Message-ID: <010e01c3de91$e6daa9a0$0401a8c0@phantasm205> References: <400BD0CE.6050609@reversedhell.net>
next in thread | previous in thread | raw e-mail | index | archive | help
On page 54 of RFC2821, a text line should be shorter than 1000 characters if
I did not misunderstood it. So I'd proposal the following patch, which
mitigate the issue by rejecting anything which contains RFC-violation.
Cheers,
Xin LI
--- qmail-smtpd.c.orig Mon Jan 19 21:08:35 2004
+++ qmail-smtpd.c Mon Jan 19 21:38:31 2004
@@ -317,7 +317,17 @@
if (pos < 2) if (ch != "\r\n"[pos]) flagmaybey = 0;
if (flagmaybey) if (pos == 1) flaginheader = 0;
}
- ++pos;
+ if((++pos) > 1000) {
+ /*
+ * RFC 2821 has explicitly defined a text line can contain
+ * 1000 characters at maximium. This is a workaround to
+ * stop copying characters there, but I am not sure about
+ * the side effect. Consider this as an attack and set hops
+ * to MAXHOPS to prevent future processing.
+ */
+ *hops = MAXHOPS;
+ break;
+ }
if (ch == '\n') { pos = 0; flagmaybex = flagmaybey = flagmaybez =
1; }
}
switch(state) {
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?010e01c3de91$e6daa9a0$0401a8c0>