[prev in list] [next in list] [prev in thread] [next in thread]
List: bugtraq
Subject: From the sendmail 8.8.5 patch
From: Aleph One <aleph1 () dfw ! net>
Date: 1997-01-21 21:30:17
[Download RAW message or body]
SENDMAIL RELEASE NOTES
! @(#)RELEASE_NOTES 8.8.5.3 (Berkeley) 1/21/97
This listing shows the version of the sendmail binary, the version
of the sendmail configuration files, the date of release, and a
summary of the changes in that release.
+
+ 8.8.5/8.8.5 97/01/21
+ SECURITY: Clear out group list during startup. Without this, sendmail
+ will continue to run with the group permissions of the caller,
+ even if RunAsUser is specified.
+ SECURITY: Make purgestat (-bH) be root-only. This is not in response
+ to any known attack, but it's best to be conservative.
+ Suggested by Peter Wemm of DIALix.
+ SECURITY: Fix buffer overrun problem in MIME code that has possible
+ security implications. Patch from Alex Garthwaite of the
+ University of Pennsylvania.
diff -r -c sendmail-8.8.4/src/mime.c sendmail-8.8.5/src/mime.c
*** sendmail-8.8.4/src/mime.c Sun Nov 24 07:27:26 1996
--- sendmail-8.8.5/src/mime.c Tue Jan 14 17:21:22 1997
***************
*** 36,42 ****
# include <string.h>
#ifndef lint
! static char sccsid[] = "@(#)mime.c 8.51 (Berkeley) 11/24/96";
#endif /* not lint */
/*
--- 36,42 ----
# include <string.h>
#ifndef lint
! static char sccsid[] = "@(#)mime.c 8.54 (Berkeley) 1/14/97";
#endif /* not lint */
/*
***************
*** 958,967 ****
register char *p;
char *cte;
char **pvp;
- u_char *obp;
u_char *fbufp;
char buf[MAXLINE];
- u_char obuf[MAXLINE + 1];
u_char fbuf[MAXLINE + 1];
char pvpbuf[MAXLINE];
extern u_char MimeTokenTab[256];
--- 958,965 ----
***************
*** 1045,1053 ****
c2 = CHAR64(c2);
*fbufp = (c1 << 2) | ((c2 & 0x30) >> 4);
! if (*fbufp++ == '\n' || fbuf >= &fbuf[MAXLINE])
{
! if (*--fbufp != '\n' || *--fbufp != '\r')
fbufp++;
*fbufp = '\0';
putline((char *) fbuf, mci);
--- 1043,1052 ----
c2 = CHAR64(c2);
*fbufp = (c1 << 2) | ((c2 & 0x30) >> 4);
! if (*fbufp++ == '\n' || fbufp >= &fbuf[MAXLINE])
{
! if (*--fbufp != '\n' ||
! (fbufp > fbuf && *--fbufp != '\r'))
fbufp++;
*fbufp = '\0';
putline((char *) fbuf, mci);
***************
*** 1057,1065 ****
continue;
c3 = CHAR64(c3);
*fbufp = ((c2 & 0x0f) << 4) | ((c3 & 0x3c) >> 2);
! if (*fbufp++ == '\n' || fbuf >= &fbuf[MAXLINE])
{
! if (*--fbufp != '\n' || *--fbufp != '\r')
fbufp++;
*fbufp = '\0';
putline((char *) fbuf, mci);
--- 1056,1065 ----
continue;
c3 = CHAR64(c3);
*fbufp = ((c2 & 0x0f) << 4) | ((c3 & 0x3c) >> 2);
! if (*fbufp++ == '\n' || fbufp >= &fbuf[MAXLINE])
{
! if (*--fbufp != '\n' ||
! (fbufp > fbuf && *--fbufp != '\r'))
fbufp++;
*fbufp = '\0';
putline((char *) fbuf, mci);
***************
*** 1069,1103 ****
continue;
c4 = CHAR64(c4);
*fbufp = ((c3 & 0x03) << 6) | c4;
! if (*fbufp++ == '\n' || fbuf >= &fbuf[MAXLINE])
{
! if (*--fbufp != '\n' || *--fbufp != '\r')
fbufp++;
*fbufp = '\0';
putline((char *) fbuf, mci);
fbufp = fbuf;
}
}
-
- /* force out partial last line */
- if (fbufp > fbuf)
- {
- *fbufp = '\0';
- putline((char *) fbuf, mci);
- }
}
else
{
/* quoted-printable */
! obp = obuf;
while (fgets(buf, sizeof buf, e->e_dfp) != NULL)
{
! if (mime_fromqp((u_char *) buf, &obp, 0, &obuf[MAXLINE] - obp) == 0)
continue;
! putline((char *) obuf, mci);
! obp = obuf;
}
}
if (tTd(43, 3))
printf("\t\t\tmime7to8 => %s to 8bit done\n", cte);
--- 1069,1105 ----
continue;
c4 = CHAR64(c4);
*fbufp = ((c3 & 0x03) << 6) | c4;
! if (*fbufp++ == '\n' || fbufp >= &fbuf[MAXLINE])
{
! if (*--fbufp != '\n' ||
! (fbufp > fbuf && *--fbufp != '\r'))
fbufp++;
*fbufp = '\0';
putline((char *) fbuf, mci);
fbufp = fbuf;
}
}
}
else
{
/* quoted-printable */
! fbufp = fbuf;
while (fgets(buf, sizeof buf, e->e_dfp) != NULL)
{
! if (mime_fromqp((u_char *) buf, &fbufp, 0,
! &fbuf[MAXLINE] - fbufp) == 0)
continue;
! putline((char *) fbuf, mci);
! fbufp = fbuf;
}
+ }
+
+ /* force out partial last line */
+ if (fbufp > fbuf)
+ {
+ *fbufp = '\0';
+ putline((char *) fbuf, mci);
}
if (tTd(43, 3))
printf("\t\t\tmime7to8 => %s to 8bit done\n", cte);
Aleph One / aleph1@dfw.net
http://underground.org/
KeyID 1024/948FD6B5
Fingerprint EE C9 E8 AA CB AF 09 61 8C 39 EA 47 A8 6A B8 01
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic