Update to sendmail 8.12.1.

A potential security problem has been uncovered in 8.12.0 which might
be exploited locally by malicious users to gain access to the client
mail queue.  However, as long as the MTA accepts local connections,
the possible consequences of this potential local exploit are small.
Notice: some operating systems don't provide a way to completely drop
privileges from a set-group-ID program.  In that case sendmail refuses
to run if unsafe options are given.

1 files changed, 4 insertions, 3 deletions

diff --git a/gnu/usr.sbin/sendmail/makemap/makemap.c b/gnu/usr.sbin/sendmail/makemap/makemap.c
index f8c7bc28404..4637e2f4ad7 100644
--- a/gnu/usr.sbin/sendmail/makemap/makemap.c
+++ b/gnu/usr.sbin/sendmail/makemap/makemap.c
@@ -20,7 +20,7 @@ SM_IDSTR(copyright,
      Copyright (c) 1992, 1993\n\
 	The Regents of the University of California.  All rights reserved.\n")
 
-SM_IDSTR(id, "@(#)$Sendmail: makemap.c,v 8.170 2001/08/28 23:07:04 gshapiro Exp $")
+SM_IDSTR(id, "@(#)$Sendmail: makemap.c,v 8.173 2001/09/26 22:18:21 ca Exp $")
 
 
 #include <sys/types.h>
@@ -50,7 +50,7 @@ uid_t	TrustedUid = 0;
 BITMAP256 DontBlameSendmail;
 
 #define BUFSIZE		1024
-#define ISSEP(c) ((sep == '\0' && isascii(c) && isspace(c)) || (c) == sep)
+#define ISSEP(c) (sep == '\0' ? isascii(c) && isspace(c) : (c) == sep)
 
 static void
 usage(progname)
@@ -428,7 +428,7 @@ main(argc, argv)
 
 			if (*p != '\0')
 				*p++ = '\0';
-			while (ISSEP(*p))
+			while (*p != '\0' && ISSEP(*p))
 				p++;
 			if (!allowempty && *p == '\0')
 			{
@@ -510,6 +510,7 @@ main(argc, argv)
 	smdb_free_database(database);
 
 	exit(exitstat);
+
 	/* NOTREACHED */
 	return exitstat;
 }