Date: Thu, 6 May 1999 22:50:02 -0700 (PDT) From: Peter Jeremy <peter.jeremy@auss2.alcatel.com.au> To: freebsd-bugs@FreeBSD.org Subject: Re: bin/11552: sendmail local delivery (mail.local) can't handle long lines Message-ID: <199905070550.WAA13638@freefall.freebsd.org>
next in thread | raw e-mail | index | archive | help
The following reply was made to PR bin/11552; it has been noted by GNATS. From: Peter Jeremy <peter.jeremy@auss2.alcatel.com.au> To: freebsd-gnats-submit@FreeBSD.ORG, sendmail-bugs@sendmail.ORG Cc: Subject: Re: bin/11552: sendmail local delivery (mail.local) can't handle long lines Date: Fri, 7 May 1999 15:42:09 +1000 A slight correction to my previous problem: The bug appears to be a buffer size discrepancy between sendmail and mail.local. When using LMTP, sendmail chops its input into 2047-byte `lines' (ie it probably does fgets() into a 2048-byte buffer, though I can't quickly find the code). To send as LMTP, it appends a CR and LF. Additionally, if the input line begins with a `.' it prepends another `.'. Thus the worst-case LMTP line written by sendmail is 2050 bytes. mail.local reads input into a 2048 character buffer using fgets(), therefore it reads a maximum of 2047-bytes at once. In the worst case, this means that the 2050-byte line written by sendmail will be read as a 2047 byte line (with no terminating newline), followed by a 3 byte line. If these 3 bytes are `.' CR LF (ie the 2050-byte line sent by sendmail ended with a `.'), then mail.local sees it as the end of input. The problem will therefore occur when sendmail reads input of the form `.' (2045 characters) `.', where the first `.' is either at the beginning of the line, or on a 2047-byte boundary. Since SMTP has a line-length restriction of 1024 characters, any mail transferred via SMTP will have already been chopped into 1024 character segments, preventing this bug being triggered (though a similar bug could possibly occur). This being the case, a better patch would be to increase the size of `line' in mail.local.c:store() from 2048 to 2051 (or more) bytes. Peter To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-bugs" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?199905070550.WAA13638>