[prev in list] [next in list] [prev in thread] [next in thread]
List: busybox
Subject: Re: Busybox Sendmail segfaults with multiple inline recipients
From: Denys Vlasenko <vda.linux () googlemail ! com>
Date: 2017-08-22 13:54:23
Message-ID: CAK1hOcOS_-Gi5=131cZW_3+drB94K6xEHN8yG7VjetJAFH4UBw () mail ! gmail ! com
[Download RAW message or body]
Fixed in git, thanks
On Sat, Aug 19, 2017 at 1:08 AM, mark <mark-busybox@nysen.com> wrote:
> Hello,
>
> I came across a bug in the sendmail function of busybox when using the
> "-t" option and including multiple recipients in any of the inline mail
> headers (To, Cc, or Bcc).
>
> When multiple inline recipients are used within a header, busybox
> segfaults. This appears to be related to memory cleaning via free(). I've
> tested this with the alpine package of busybox (1.24.2 / 1.27.1) and also
> compiling from the busybox master branch on a debian box.
>
> I'm not a programmer, but the error seems to be related to the free()
> function on line 212 of mailutils/sendmail.c in the master branch.
>
> To reproduce (using google's mail server):
>
> $ echo "To: one@nowhere,two@nowhere" | ./busybox sendmail -S
> aspmx.l.google.com -ti
> sendmail: Bad recipient: <one@nowhere>
> sendmail: Bad recipient: <two@nowhere>
> Segmentation fault
>
> The "Bad recipient" is normal and expected in this case because the mail
> server is rejecting the addresses, but the segfault shouldn't be happening.
> I've tested this with other mail servers where the mails aren't rejected,
> but the segfault still occurs.
>
> Removing line 212 and recompiling resolves the error, but I assume this
> also removes some memory deallocation. My uneducated and totally wild guess
> is that str is being manipulated on lines 204-206 and then isn't a valid
> target for free(). I've attached a diff which removes that call to free()
> and resolves the problem, but I'm guessing this creates a memory leak.
>
> Busybox is a great piece of software. I'm amazed at how much it does
> with so little code. Thankyou for all the time you've put into it.
>
> Thanks,
>
> Mark
>
> _______________________________________________
> busybox mailing list
> busybox@busybox.net
> http://lists.busybox.net/mailman/listinfo/busybox
_______________________________________________
busybox mailing list
busybox@busybox.net
http://lists.busybox.net/mailman/listinfo/busybox
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic