From: David Luyer (david_luyerpacific.net.au)
Date: Wed May 30 2001 - 06:00:52 CDT

    Emmanuel Galanos suggested, off-list, sendmail -d35.35

    Here's the trailing bit:

    macset(g as MAILER-DAEMON@my.host.name)
    expand(MSP)
    expand ==> MSP
    expand(MSP)
    expand ==> MSP
    redefine(g as <null>)
    segmentation violation

    A strange thing is that it seems (?) I need to have:

    >> sendmail -t
    To: a@valid.domain;b@valid.domain

    to segfault; the domains can be different, but if either is not valid I don't
    get the segfault. Even though the ; is not valid and this expands to
    a@"valid.domain;b"@valid.domain, and "valid.domain;b" is never going to be
    a valid domain...

    And, I do get a mail bounce, so the segfault happens after the mail bounce is
    sent.

    Most likely this isn't a security problem based on the fact it is probably a
    null dereference from somewhere after the redefine(g as <null>). But it's
    pretty hard to be sure without someone finding the actual bug. [And I'm not
    likely to have a chance to give it a good look, so it would be good if someone
    else with Debian/unstable's sendmail and more time could replicate it...]

    David.

    -- 
    David Luyer                                        Phone:   +61 3 9674 7525
    Engineering Projects Manager   P A C I F I C       Fax:     +61 3 9699 8693
    Pacific Internet (Australia)  I N T E R N E T      Mobile:  +61 4 1111 2983
    http://www.pacific.net.au/                         NASDAQ:  PCNTF