Sendmail 8.6.10: what's different?
der Mouse (mouse Collatz.McRCIM.McGill.EDU)
Thu, 23 Feb 1995 07:58:00 -0500
I diffed 8.6.10 against what I was previously running (8.6.8).
Significant changes from bugtraq's point of view are mostly being more
paranoid about believing strings coming from possibly-untrustworthy
sources. Here's the list:
- Truncate df files when collecting, as mentioned in the RELEASE_NOTES.
- When processing ident info, call cleanstrcpy() to strip trash from
the returned username.
- The -B command-line flag argument is checked; it must be 7bit or
8bitmime. (8.6.8 blindly believed whatever was handed to it.)
- The -f command-line flag strips newlines from its argument.
- The -p command-line flag is a bit more paranoid about what's passed
to it; the argument is now length-limited and cleanstrcpy()ed.
- FullName (taken from $NAME, or -F command-line flag) is now checked
for newlines.
- map.c has lots of changes I don't understand; most of them probably
are not relevant, but some may be.
- When creating a queue file, delete newlines from several things:
specifically, the M, $r, $s, $_, S, E, R, and C lines.
- A macro definition will have its argument cleanstrcpy()ed if the
source of the string is not safe (e.g., command-line).
- In sendtolist(), newlines are stripped from something - the list of
addresses, I think, but I could be wrong.
- When generating a failure letter, the Subject: header is
length-limited, apparently to avoid a buffer overflow.
- When generating the initial 220 greeting for SMTP, newlines are
checked for and the message truncated at the first one if found.
cleanstrcpy(), referred to several times above, is like strcpy, but it
strips newlines and copies only a restricted set of characters:
letters, digits, and !#$%&'*+-./^_`{|}~ - why that set was chosen,
there's no indication.
In the above, "strips newlines" actually means replacing them with
spaces, not deleting them entirely. (If a newline is found, sendmail
tries to log a warning.)
der Mouse
mouse
collatz.mcrcim.mcgill.edu
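
An added example, not part of the original post and not sendmail's own code: the two sanitising behaviours described above (newlines replaced with spaces, and an allow-list copy with a length limit), written in C. The names nl_to_space and clean_copy are hypothetical, the sample strings are constructed, and it is an assumption that the allow-list copy drops every byte outside the set, spaces included.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

/* Punctuation set quoted in the post; ASCII letters and digits are also kept. */
static const char ALLOWED_PUNCT[] = "!#$%&'*+-./^_`{|}~";

/* Hypothetical helper: replace each newline in s with a space, in place.
 * Returns the number replaced so the caller can log a warning. */
size_t nl_to_space(char *s)
{
    size_t n = 0;
    for (; *s != '\0'; s++)
        if (*s == '\n') { *s = ' '; n++; }
    return n;
}

/* Hypothetical allow-list copy: writes at most dstlen-1 bytes of src to dst,
 * keeping only ASCII letters, digits and ALLOWED_PUNCT, and always
 * NUL-terminates. Returns the number of bytes dropped (filtered out or
 * cut off by the length limit). */
size_t clean_copy(char *dst, size_t dstlen, const char *src)
{
    size_t out = 0, dropped = 0;
    if (dstlen == 0)
        return strlen(src);            /* no room even for the terminator */
    for (; *src != '\0'; src++) {
        unsigned char c = (unsigned char)*src;
        int ok = c < 0x80 && (isalnum(c) || strchr(ALLOWED_PUNCT, c) != NULL);
        if (ok && out + 1 < dstlen)
            dst[out++] = (char)c;
        else
            dropped++;
    }
    dst[out] = '\0';
    return dropped;
}

int main(void)
{
    char name[] = "mouse\nsecond line";    /* constructed sample input */
    char out[32];
    size_t fixed = nl_to_space(name);
    size_t dropped = clean_copy(out, sizeof out, "der Mouse\n<x>");
    printf("%zu newline(s) replaced: \"%s\"\n", fixed, name);
    printf("%zu byte(s) dropped: \"%s\"\n", dropped, out);
    return 0;
}
```

A line-oriented record such as a queue file entry stays a single line after nl_to_space, and a non-zero return value from either function is the point at which to log the warning the post mentions.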