Update to Sendmail 8.12.8; fixes a buffer overflow in the envelope

comments processing which may allow an attacker to gain root privileges.

6 files changed, 98 insertions, 37 deletions

diff --git a/gnu/usr.sbin/sendmail/libmilter/comm.c b/gnu/usr.sbin/sendmail/libmilter/comm.c
index d73541e91ec..be3d76e18f1 100644
--- a/gnu/usr.sbin/sendmail/libmilter/comm.c
+++ b/gnu/usr.sbin/sendmail/libmilter/comm.c
@@ -1,5 +1,5 @@
 /*
- *  Copyright (c) 1999-2002 Sendmail, Inc. and its suppliers.
+ *  Copyright (c) 1999-2003 Sendmail, Inc. and its suppliers.
  *	All rights reserved.
  *
  * By using this file, you agree to the terms and conditions set
@@ -9,16 +9,11 @@
  */
 
 #include <sm/gen.h>
-SM_RCSID("@(#)$Sendmail: comm.c,v 8.54.2.4 2002/12/03 17:32:45 ca Exp $")
+SM_RCSID("@(#)$Sendmail: comm.c,v 8.54.2.6 2003/01/03 22:14:40 ca Exp $")
 
 #include "libmilter.h"
 #include <sm/errstring.h>
 
-#define FD_Z	FD_ZERO(&readset);			\
-		FD_SET((unsigned int) sd, &readset);	\
-		FD_ZERO(&excset);			\
-		FD_SET((unsigned int) sd, &excset)
-
 /*
 **  MI_RD_CMD -- read a command
 **
@@ -46,7 +41,7 @@ mi_rd_cmd(sd, timeout, cmd, rlen, name)
 	ssize_t len;
 	mi_int32 expl;
 	ssize_t i;
-	fd_set readset, excset;
+	FD_RD_VAR(rds, excs);
 	int ret;
 	int save_errno;
 	char *buf;
@@ -58,8 +53,8 @@ mi_rd_cmd(sd, timeout, cmd, rlen, name)
 	i = 0;
 	for (;;)
 	{
-		FD_Z;
-		ret = select(sd + 1, &readset, NULL, &excset, timeout);
+		FD_RD_INIT(sd, rds, excs);
+		ret = FD_RD_READY(sd, rds, excs, timeout);
 		if (ret == 0)
 			break;
 		else if (ret < 0)
@@ -68,7 +63,7 @@ mi_rd_cmd(sd, timeout, cmd, rlen, name)
 				continue;
 			break;
 		}
-		if (FD_ISSET(sd, &excset))
+		if (FD_IS_RD_EXC(sd, rds, excs))
 		{
 			*cmd = SMFIC_SELECT;
 			return NULL;
@@ -131,8 +126,8 @@ mi_rd_cmd(sd, timeout, cmd, rlen, name)
 	i = 0;
 	for (;;)
 	{
-		FD_Z;
-		ret = select(sd + 1, &readset, NULL, &excset, timeout);
+		FD_RD_INIT(sd, rds, excs);
+		ret = FD_RD_READY(sd, rds, excs, timeout);
 		if (ret == 0)
 			break;
 		else if (ret < 0)
@@ -141,7 +136,7 @@ mi_rd_cmd(sd, timeout, cmd, rlen, name)
 				continue;
 			break;
 		}
-		if (FD_ISSET(sd, &excset))
+		if (FD_IS_RD_EXC(sd, rds, excs))
 		{
 			*cmd = SMFIC_SELECT;
 			free(buf);
@@ -223,9 +218,8 @@ mi_rd_cmd(sd, timeout, cmd, rlen, name)
 #define MI_WR(data)	\
 	while (sl > 0)							\
 	{								\
-		FD_ZERO(&wrtset);					\
-		FD_SET((unsigned int) sd, &wrtset);			\
-		ret = select(sd + 1, NULL, &wrtset, NULL, timeout);	\
+		FD_WR_INIT(sd, wrs);					\
+		ret = FD_WR_READY(sd, wrs, timeout);			\
 		if (ret == 0)						\
 			return MI_FAILURE;				\
 		if (ret < 0)						\
@@ -259,7 +253,7 @@ mi_wr_cmd(sd, timeout, cmd, buf, len)
 	ssize_t l;
 	mi_int32 nl;
 	int ret;
-	fd_set wrtset;
+	FD_WR_VAR(wrs);
 	char data[MILTER_LEN_BYTES + 1];
 
 	if (len > MILTER_CHUNK_SIZE)
diff --git a/gnu/usr.sbin/sendmail/libmilter/docs/smfi_setreply.html b/gnu/usr.sbin/sendmail/libmilter/docs/smfi_setreply.html
index 29cbbf8dff3..73852f21c4d 100644
--- a/gnu/usr.sbin/sendmail/libmilter/docs/smfi_setreply.html
+++ b/gnu/usr.sbin/sendmail/libmilter/docs/smfi_setreply.html
@@ -23,7 +23,8 @@ Set the default SMTP error reply code.
 <table border="1" cellspacing=1 cellpadding=4>
 <tr align="left" valign=top>
 <th width="80">Called When</th>
-<td>smfi_setreply may be called from any of the xxfi_ callbacks.</td>
+<td>smfi_setreply may be called from any of the xxfi_ callbacks
+other than xxfi_connect.</td>
 </tr>
 <tr align="left" valign=top>
 <th width="80">Effects</th>
diff --git a/gnu/usr.sbin/sendmail/libmilter/handler.c b/gnu/usr.sbin/sendmail/libmilter/handler.c
index edb666603d4..7592781b02e 100644
--- a/gnu/usr.sbin/sendmail/libmilter/handler.c
+++ b/gnu/usr.sbin/sendmail/libmilter/handler.c
@@ -1,5 +1,5 @@
 /*
- *  Copyright (c) 1999-2002 Sendmail, Inc. and its suppliers.
+ *  Copyright (c) 1999-2003 Sendmail, Inc. and its suppliers.
  *	All rights reserved.
  *
  * By using this file, you agree to the terms and conditions set
@@ -9,7 +9,7 @@
  */
 
 #include <sm/gen.h>
-SM_RCSID("@(#)$Sendmail: handler.c,v 8.30.2.2 2002/12/18 23:15:35 ca Exp $")
+SM_RCSID("@(#)$Sendmail: handler.c,v 8.30.2.4 2003/01/23 22:28:36 ca Exp $")
 
 #include "libmilter.h"
 
diff --git a/gnu/usr.sbin/sendmail/libmilter/libmilter.h b/gnu/usr.sbin/sendmail/libmilter/libmilter.h
index 4696d0e56e1..b6eccad6264 100644
--- a/gnu/usr.sbin/sendmail/libmilter/libmilter.h
+++ b/gnu/usr.sbin/sendmail/libmilter/libmilter.h
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1999-2002 Sendmail, Inc. and its suppliers.
+ * Copyright (c) 1999-2003 Sendmail, Inc. and its suppliers.
  *	All rights reserved.
  *
  * By using this file, you agree to the terms and conditions set
@@ -19,7 +19,7 @@
 #ifdef _DEFINE
 # define EXTERN
 # define INIT(x)	= x
-SM_IDSTR(MilterlId, "@(#)$Sendmail: libmilter.h,v 8.33.2.7 2002/12/18 23:15:35 ca Exp $")
+SM_IDSTR(MilterlId, "@(#)$Sendmail: libmilter.h,v 8.33.2.9 2003/01/03 22:14:40 ca Exp $")
 #else /* _DEFINE */
 # define EXTERN extern
 # define INIT(x)
@@ -49,6 +49,72 @@ typedef pthread_mutex_t smutex_t;
 # define smutex_unlock(mp)	(pthread_mutex_unlock(mp) == 0)
 # define smutex_trylock(mp)	(pthread_mutex_trylock(mp) == 0)
 
+#if _FFR_USE_POLL
+
+# include <poll.h>
+# define MI_POLLSELECT  "poll"
+
+# define MI_POLL_RD_FLAGS (POLLIN | POLLPRI)
+# define MI_POLL_WR_FLAGS (POLLOUT)
+# define MI_MS(timeout)	(((timeout)->tv_sec * 1000) + (timeout)->tv_usec)
+
+# define FD_RD_VAR(rds, excs) struct pollfd rds
+# define FD_WR_VAR(wrs) struct pollfd wrs
+
+# define FD_RD_INIT(sd, rds, excs)			\
+		(rds).fd = (sd);			\
+		(rds).events = MI_POLL_RD_FLAGS;	\
+		(rds).revents = 0
+
+# define FD_WR_INIT(sd, wrs)				\
+		(wrs).fd = (sd);			\
+		(wrs).events = MI_POLL_WR_FLAGS;	\
+		(wrs).revents = 0
+
+# define FD_IS_RD_EXC(sd, rds, excs)	\
+		(((rds).revents & (POLLERR | POLLHUP | POLLNVAL)) != 0)
+
+# define FD_IS_WR_RDY(sd, wrs)		\
+		(((wrs).revents & MI_POLL_WR_FLAGS) != 0)
+
+# define FD_IS_RD_RDY(sd, rds, excs)			\
+		(((rds).revents & MI_POLL_RD_FLAGS) != 0)
+
+# define FD_WR_READY(sd, excs, timeout)	\
+		poll(&(wrs), 1, MI_MS(timeout))
+
+# define FD_RD_READY(sd, rds, excs, timeout)	\
+		poll(&(rds), 1, MI_MS(timeout))
+
+#else /* _FFR_USE_POLL */
+
+# include <sm/fdset.h>
+# define MI_POLLSELECT  "select"
+
+# define FD_RD_VAR(rds, excs) fd_set rds, excs
+# define FD_WR_VAR(wrs) fd_set wrs
+
+# define FD_RD_INIT(sd, rds, excs)			\
+		FD_ZERO(&(rds));			\
+		FD_SET((unsigned int) (sd), &(rds));	\
+		FD_ZERO(&(excs));			\
+		FD_SET((unsigned int) (sd), &(excs))
+
+# define FD_WR_INIT(sd, wrs)			\
+		FD_ZERO(&(wrs));			\
+		FD_SET((unsigned int) (sd), &(wrs));	\
+
+# define FD_IS_RD_EXC(sd, rds, excs) FD_ISSET(sd, &(excs))
+# define FD_IS_WR_RDY(sd, wrs) FD_ISSET((sd), &(wrs))
+# define FD_IS_RD_RDY(sd, rds, excs) FD_ISSET((sd), &(rds))
+
+# define FD_WR_READY(sd, wrs, timeout)	\
+		select((sd) + 1, NULL, &(wrs), NULL, (timeout))
+# define FD_RD_READY(sd, rds, excs, timeout)	\
+		select((sd) + 1, &(rds), NULL, &(excs), (timeout))
+
+#endif /* _FFR_USE_POLL */
+
 #include <sys/time.h>
 
 /* version info */
diff --git a/gnu/usr.sbin/sendmail/libmilter/listener.c b/gnu/usr.sbin/sendmail/libmilter/listener.c
index 587148593e9..472e01718ad 100644
--- a/gnu/usr.sbin/sendmail/libmilter/listener.c
+++ b/gnu/usr.sbin/sendmail/libmilter/listener.c
@@ -1,5 +1,5 @@
 /*
- *  Copyright (c) 1999-2002 Sendmail, Inc. and its suppliers.
+ *  Copyright (c) 1999-2003 Sendmail, Inc. and its suppliers.
  *	All rights reserved.
  *
  * By using this file, you agree to the terms and conditions set
@@ -9,7 +9,7 @@
  */
 
 #include <sm/gen.h>
-SM_RCSID("@(#)$Sendmail: listener.c,v 8.85.2.7 2002/12/10 04:02:25 ca Exp $")
+SM_RCSID("@(#)$Sendmail: listener.c,v 8.85.2.9 2003/01/03 22:14:40 ca Exp $")
 
 /*
 **  listener.c -- threaded network listener
@@ -17,7 +17,6 @@ SM_RCSID("@(#)$Sendmail: listener.c,v 8.85.2.7 2002/12/10 04:02:25 ca Exp $")
 
 #include "libmilter.h"
 #include <sm/errstring.h>
-#include <sm/fdset.h>
 
 
 # if NETINET || NETINET6
@@ -74,6 +73,7 @@ mi_opensocket(conn, backlog, dbg, smfi)
 		(void) smutex_unlock(&L_Mutex);
 		return MI_FAILURE;
 	}
+#if !_FFR_USE_POLL
 	if (!SM_FD_OK_SELECT(listenfd))
 	{
 		smi_log(SMI_LOG_ERR, "%s: fd %d is larger than FD_SETSIZE %d",
@@ -81,6 +81,7 @@ mi_opensocket(conn, backlog, dbg, smfi)
 		(void) smutex_unlock(&L_Mutex);
 		return MI_FAILURE;
 	}
+#endif /* !_FFR_USE_POLL */
 	return MI_SUCCESS;
 }
 
@@ -669,7 +670,7 @@ mi_listener(conn, dbg, smfi, timeout, backlog)
 	_SOCK_ADDR cliaddr;
 	SOCKADDR_LEN_T clilen;
 	SMFICTX_PTR ctx;
-	fd_set readset, excset;
+	FD_RD_VAR(rds, excs);
 	struct timeval chktime;
 
 	if (mi_opensocket(conn, backlog, dbg, smfi) == MI_FAILURE)
@@ -687,13 +688,10 @@ mi_listener(conn, dbg, smfi, timeout, backlog)
 		}
 
 		/* select on interface ports */
-		FD_ZERO(&readset);
-		FD_ZERO(&excset);
-		FD_SET((unsigned int) listenfd, &readset);
-		FD_SET((unsigned int) listenfd, &excset);
+		FD_RD_INIT(listenfd, rds, excs);
 		chktime.tv_sec = MI_CHK_TIME;
 		chktime.tv_usec = 0;
-		r = select(listenfd + 1, &readset, NULL, &excset, &chktime);
+		r = FD_RD_READY(listenfd, rds, excs, &chktime);
 		if (r == 0)		/* timeout */
 		{
 			(void) smutex_unlock(&L_Mutex);
@@ -718,14 +716,14 @@ mi_listener(conn, dbg, smfi, timeout, backlog)
 			}
 			continue;
 		}
-		if (!FD_ISSET(listenfd, &readset))
+		if (!FD_IS_RD_RDY(listenfd, rds, excs))
 		{
 			/* some error: just stop for now... */
 			ret = MI_FAILURE;
 			(void) smutex_unlock(&L_Mutex);
 			smi_log(SMI_LOG_ERR,
-				"%s: select() returned exception for socket, abort",
-				smfi->xxfi_name);
+				"%s: %s() returned exception for socket, abort",
+				smfi->xxfi_name, MI_POLLSELECT);
 			break;
 		}
 		scnt = 0;	/* reset error counter for select() */
@@ -754,6 +752,7 @@ mi_listener(conn, dbg, smfi, timeout, backlog)
 			save_errno = EINVAL;
 		}
 
+#if !_FFR_USE_POLL
 		/* check if acceptable for select() */
 		if (ValidSocket(connfd) && !SM_FD_OK_SELECT(connfd))
 		{
@@ -761,6 +760,7 @@ mi_listener(conn, dbg, smfi, timeout, backlog)
 			connfd = INVALID_SOCKET;
 			save_errno = ERANGE;
 		}
+#endif /* !_FFR_USE_POLL */
 
 		if (!ValidSocket(connfd))
 		{
diff --git a/gnu/usr.sbin/sendmail/libmilter/main.c b/gnu/usr.sbin/sendmail/libmilter/main.c
index 3b2d7285c1c..08930ef888a 100644
--- a/gnu/usr.sbin/sendmail/libmilter/main.c
+++ b/gnu/usr.sbin/sendmail/libmilter/main.c
@@ -1,5 +1,5 @@
 /*
- *  Copyright (c) 1999-2002 Sendmail, Inc. and its suppliers.
+ *  Copyright (c) 1999-2003 Sendmail, Inc. and its suppliers.
  *	All rights reserved.
  *
  * By using this file, you agree to the terms and conditions set
@@ -9,7 +9,7 @@
  */
 
 #include <sm/gen.h>
-SM_RCSID("@(#)$Sendmail: main.c,v 8.64.2.8 2002/12/18 23:13:45 ca Exp $")
+SM_RCSID("@(#)$Sendmail: main.c,v 8.64.2.10 2003/01/23 22:34:24 ca Exp $")
 
 #define _DEFINE	1
 #include "libmilter.h"