From d257b8046629e33d8317a166451123e8a5e160dc Mon Sep 17 00:00:00 2001 From: Dirk Meyer Date: Thu, 16 Jan 2003 03:35:23 +0000 Subject: If MaxMimeHeaderLength is set and a malformed MIME header is fixed, log the fixup as "Fixed MIME header" instead of "Truncated MIME header". Problem noted by Ian J Hart. Submitted by: gshapiro --- mail/sendmail/Makefile | 2 +- mail/sendmail/files/patch-headers.c | 112 ++++++++++++++++++++++++++++++++++++ 2 files changed, 113 insertions(+), 1 deletion(-) create mode 100644 mail/sendmail/files/patch-headers.c (limited to 'mail/sendmail') diff --git a/mail/sendmail/Makefile b/mail/sendmail/Makefile index e137ac2077f8..2369313237cb 100644 --- a/mail/sendmail/Makefile +++ b/mail/sendmail/Makefile @@ -7,7 +7,7 @@ PORTNAME= sendmail PORTVERSION= 8.12.7 -PORTREVISION= 1 +PORTREVISION= 2 CATEGORIES= mail ipv6 MASTER_SITES= ftp://ftp.sendmail.org/pub/sendmail/ \ ${MASTER_SITE_RINGSERVER:S,%SUBDIR%,net/mail/sendmail/&,} diff --git a/mail/sendmail/files/patch-headers.c b/mail/sendmail/files/patch-headers.c new file mode 100644 index 000000000000..5af25b53b5c1 --- /dev/null +++ b/mail/sendmail/files/patch-headers.c @@ -0,0 +1,112 @@ +--- sendmail/headers.c 23 Sep 2002 23:42:02 -0000 8.266.4.2 ++++ sendmail/headers.c 13 Jan 2003 06:29:05 -0000 +@@ -15,7 +15,7 @@ + + SM_RCSID("@(#)$Id: headers.c,v 8.266.4.2 2002/09/23 23:42:02 ca Exp $") + +-static size_t fix_mime_header __P((char *)); ++static size_t fix_mime_header __P((HDR *, ENVELOPE *)); + static int priencode __P((char *)); + static void put_vanilla_header __P((HDR *, char *, MCI *)); + +@@ -1412,7 +1412,7 @@ + { + size_t len; + +- len = fix_mime_header(h->h_value); ++ len = fix_mime_header(h, e); + if (len > 0) + { + sm_syslog(LOG_ALERT, e->e_id, +@@ -1455,13 +1455,28 @@ + if (shorten_rfc822_string(h->h_value, + MaxMimeHeaderLength)) + { +- sm_syslog(LOG_ALERT, e->e_id, +- "Truncated long MIME %s header (length = %ld) (possible attack)", +- h->h_field, (unsigned long) len); +- if (tTd(34, 11)) +- sm_dprintf(" truncated long MIME %s header (length = %ld) (possible attack)\n", +- h->h_field, +- (unsigned long) len); ++ if (len < MaxMimeHeaderLength) ++ { ++ /* we only rebalanced a bogus header */ ++ sm_syslog(LOG_ALERT, e->e_id, ++ "Fixed MIME %s header (possible attack)", ++ h->h_field); ++ if (tTd(34, 11)) ++ sm_dprintf(" fixed MIME %s header (possible attack)\n", ++ h->h_field); ++ } ++ else ++ { ++ /* we actually shortened header */ ++ sm_syslog(LOG_ALERT, e->e_id, ++ "Truncated long MIME %s header (length = %ld) (possible attack)", ++ h->h_field, ++ (unsigned long) len); ++ if (tTd(34, 11)) ++ sm_dprintf(" truncated long MIME %s header (length = %ld) (possible attack)\n", ++ h->h_field, ++ (unsigned long) len); ++ } + } + } + +@@ -1856,7 +1871,8 @@ + ** to MaxMimeFieldLength. + ** + ** Parameters: +-** string -- the full header ++** h -- the header to truncate/rebalance ++** e -- the current envelope + ** + ** Returns: + ** length of last offending field, 0 if all ok. +@@ -1866,15 +1882,16 @@ + */ + + static size_t +-fix_mime_header(string) +- char *string; ++fix_mime_header(h, e) ++ HDR *h; ++ ENVELOPE *e; + { +- char *begin = string; ++ char *begin = h->h_value; + char *end; + size_t len = 0; + size_t retlen = 0; + +- if (string == NULL || *string == '\0') ++ if (begin == NULL || *begin == '\0') + return 0; + + /* Split on each ';' */ +@@ -1889,7 +1906,23 @@ + + /* Shorten individual parameter */ + if (shorten_rfc822_string(begin, MaxMimeFieldLength)) +- retlen = len; ++ { ++ if (len < MaxMimeFieldLength) ++ { ++ /* we only rebalanced a bogus field */ ++ sm_syslog(LOG_ALERT, e->e_id, ++ "Fixed MIME %s header field (possible attack)", ++ h->h_field); ++ if (tTd(34, 11)) ++ sm_dprintf(" fixed MIME %s header field (possible attack)\n", ++ h->h_field); ++ } ++ else ++ { ++ /* we actually shortened the header */ ++ retlen = len; ++ } ++ } + + /* Collapse the possibly shortened string with rest */ + bp = begin + strlen(begin); -- cgit v1.2.3