author | Todd C. Miller <millert@cvs.openbsd.org> | 2001-08-21 16:31:46 +0000 |
---|---|---|
committer | Todd C. Miller <millert@cvs.openbsd.org> | 2001-08-21 16:31:46 +0000 |
commit | a667c8b75f7d282e88be3de77d86c574b1647d67 (patch) | |
tree | 9c81d5246579db5903e6ba01739ce0d2382307e8 /gnu/usr.sbin/sendmail | |
parent | 41756b020b6fc43019e083aca3e4a416ad1f99b5 (diff) |
Update to sendmail 8.11.6, from the release notes:
SECURITY: Fix a possible memory access violation when specifying
out-of-bounds debug parameters. Problem detected by
Cade Cairns of SecurityFocus.
Avoid leaking recipient information in unrelated DSNs. This could
happen if a connection is aborted, several mails had been
scheduled for delivery via that connection, and the timeout
is reached such that several DSNs are sent next. Problem
noted by Dileepan Moorkanat of Hewlett-Packard.
Fix a possible segmentation violation when specifying too many
wildcard operators in a rule. Problem detected by
Werner Wiethege.
Avoid a segmentation fault on non-matching Hesiod lookups. Problem
noted by Russell McOrmond of flora.ca
Diffstat (limited to 'gnu/usr.sbin/sendmail')
-rw-r--r-- | gnu/usr.sbin/sendmail/RELEASE_NOTES | 17 | ||||
-rw-r--r-- | gnu/usr.sbin/sendmail/cf/README | 6 | ||||
-rw-r--r-- | gnu/usr.sbin/sendmail/cf/m4/version.m4 | 4 | ||||
-rw-r--r-- | gnu/usr.sbin/sendmail/doc/op/op.me | 8 | ||||
-rw-r--r-- | gnu/usr.sbin/sendmail/sendmail/README | 5 | ||||
-rw-r--r-- | gnu/usr.sbin/sendmail/sendmail/clock.c | 4 | ||||
-rw-r--r-- | gnu/usr.sbin/sendmail/sendmail/err.c | 25 | ||||
-rw-r--r-- | gnu/usr.sbin/sendmail/sendmail/map.c | 5 | ||||
-rw-r--r-- | gnu/usr.sbin/sendmail/sendmail/milter.c | 16 | ||||
-rw-r--r-- | gnu/usr.sbin/sendmail/sendmail/parseaddr.c | 5 | ||||
-rw-r--r-- | gnu/usr.sbin/sendmail/sendmail/readcf.c | 7 | ||||
-rw-r--r-- | gnu/usr.sbin/sendmail/sendmail/sendmail.h | 4 | ||||
-rw-r--r-- | gnu/usr.sbin/sendmail/sendmail/trace.c | 20 | ||||
-rw-r--r-- | gnu/usr.sbin/sendmail/sendmail/version.c | 4 |
14 files changed, 93 insertions, 37 deletions
diff --git a/gnu/usr.sbin/sendmail/RELEASE_NOTES b/gnu/usr.sbin/sendmail/RELEASE_NOTES index 55683387541..00d2a7750d4 100644 --- a/gnu/usr.sbin/sendmail/RELEASE_NOTES +++ b/gnu/usr.sbin/sendmail/RELEASE_NOTES @@ -1,11 +1,26 @@ SENDMAIL RELEASE NOTES - $Sendmail: RELEASE_NOTES,v 8.561.2.5.2.254 2001/07/31 22:42:46 gshapiro Exp $ + $Sendmail: RELEASE_NOTES,v 8.561.2.5.2.261 2001/08/20 14:45:32 gshapiro Exp $ This listing shows the version of the sendmail binary, the version of the sendmail configuration files, the date of release, and a summary of the changes in that release. +8.11.6/8.11.6 2001/08/20 + SECURITY: Fix a possible memory access violation when specifying + out-of-bounds debug parameters. Problem detected by + Cade Cairns of SecurityFocus. + Avoid leaking recipient information in unrelated DSNs. This could + happen if a connection is aborted, several mails had been + scheduled for delivery via that connection, and the timeout + is reached such that several DSNs are sent next. Problem + noted by Dileepan Moorkanat of Hewlett-Packard. + Fix a possible segmentation violation when specifying too many + wildcard operators in a rule. Problem detected by + Werner Wiethege. + Avoid a segmentation fault on non-matching Hesiod lookups. Problem + noted by Russell McOrmond of flora.ca + 8.11.5/8.11.5 2001/07/31 Fix a possible race condition when sending a HUP signal to restart the daemon. This could terminate the current process without diff --git a/gnu/usr.sbin/sendmail/cf/README b/gnu/usr.sbin/sendmail/cf/README index a953a6845e2..0d3964aa208 100644 --- a/gnu/usr.sbin/sendmail/cf/README +++ b/gnu/usr.sbin/sendmail/cf/README 
@@ -433,7 +433,7 @@ DECNET_RELAY The host that will accept DECNET-addressed email. FAX_RELAY The host that will accept mail to the .FAX pseudo-domain. The "fax" mailer overrides this value. LOCAL_RELAY The site that will handle unqualified names -- that - is, names with out an @domain extension. + is, names without an @domain extension. Normally MAIL_HUB is preferred for this function. LOCAL_RELAY is mostly useful in conjunction with FEATURE(stickyhost) -- see the discussion of @@ -2148,7 +2148,7 @@ If a certain level of encryption is required, then it might also be possible that this level is provided by the security layer from a SASL algorithm, e.g., DIGEST-MD5. -Example: e-mail send to secure.example.com should only use an encrypted +Example: e-mail sent to secure.example.com should only use an encrypted connection. e-mail received from hosts within the laptop.example.com domain should only be accepted if they have been authenticated. TLS_Srv:secure.example.com ENCR:112 @@ -3313,4 +3313,4 @@ M4 DIVERSIONS 8 DNS based blacklists 9 special local rulesets (1 and 2) -$Revision: 1.7 $, Last updated $Date: 2001/08/01 01:01:40 $ +$Revision: 1.8 $, Last updated $Date: 2001/08/21 16:31:39 $ diff --git a/gnu/usr.sbin/sendmail/cf/m4/version.m4 b/gnu/usr.sbin/sendmail/cf/m4/version.m4 index 56cdc2b1ceb..366d1d8c144 100644 --- a/gnu/usr.sbin/sendmail/cf/m4/version.m4 +++ b/gnu/usr.sbin/sendmail/cf/m4/version.m4 @@ -11,8 +11,8 @@ divert(-1) # the sendmail distribution. # # -VERSIONID(`$Sendmail: version.m4,v 8.39.4.33 2001/07/31 22:34:17 gshapiro Exp $') +VERSIONID(`$Sendmail: version.m4,v 8.39.4.35 2001/08/20 14:45:34 gshapiro Exp $') # divert(0) # Configuration version number -DZ8.11.5`'ifdef(`confCF_VERSION', `/confCF_VERSION') +DZ8.11.6`'ifdef(`confCF_VERSION', `/confCF_VERSION') diff --git a/gnu/usr.sbin/sendmail/doc/op/op.me b/gnu/usr.sbin/sendmail/doc/op/op.me index 4b4faa88ef5..60b7b92df61 100644 --- a/gnu/usr.sbin/sendmail/doc/op/op.me 
+++ b/gnu/usr.sbin/sendmail/doc/op/op.me @@ -9,7 +9,7 @@ .\" the sendmail distribution. .\" .\" -.\" $Sendmail: op.me,v 8.317.4.70 2001/07/24 04:08:25 ca Exp $ +.\" $Sendmail: op.me,v 8.317.4.71 2001/08/14 15:26:00 ca Exp $ .\" .\" eqn op.me | pic | troff -me .\" @@ -87,7 +87,7 @@ eric@Sendmail.COM .de Ve Version \\$2 .. -.Ve $Revision: 1.7 $ +.Ve $Revision: 1.8 $ .rm Ve .sp For Sendmail Version 8.11 @@ -6441,7 +6441,7 @@ only root and the owner of the queue directory can run the queue. Authentication Warnings add warnings about various conditions that may indicate attempts to spoof the mail system, -such as using an non-standard queue directory. +such as using a non-standard queue directory. .ip ProcessTitlePrefix=\fIstring\fP [no short name] Prefix the process title shown on 'ps' listings with @@ -9475,7 +9475,7 @@ replace it with a blank sheet for double-sided output. .\".sz 10 .\"Eric Allman .\".sp -.\"Version $Revision: 1.7 $ +.\"Version $Revision: 1.8 $ .\".ce 0 .bp 3 .ce diff --git a/gnu/usr.sbin/sendmail/sendmail/README b/gnu/usr.sbin/sendmail/sendmail/README index 533826c02be..9d3709bbae6 100644 --- a/gnu/usr.sbin/sendmail/sendmail/README +++ b/gnu/usr.sbin/sendmail/sendmail/README @@ -9,7 +9,7 @@ # the sendmail distribution. # # -# $Sendmail: README,v 8.263.2.1.2.37 2001/06/03 03:41:12 ca Exp $ +# $Sendmail: README,v 8.263.2.1.2.38 2001/08/15 22:07:11 gshapiro Exp $ # This directory contains the source files for sendmail(TM). @@ -114,6 +114,7 @@ HESIOD Support for Hesiod (from the DEC/Athena distribution). You must already have Hesiod support on your system for this to work. You may be able to get this to work with the MIT/Athena version of Hesiod, but that's likely to be a lot of work. + BIND 8.X also includes Hesiod support. LDAPMAP Lightweight Directory Access Protocol support. You will have to install the UMich or OpenLDAP (http://www.openldap.org/) ldap and lber libraries to use 
@@ -1729,4 +1730,4 @@ util.c Some general purpose routines used by sendmail. version.c The version number and information about this version of sendmail. -(Version $Revision: 1.7 $, last update $Date: 2001/08/01 01:01:41 $ ) +(Version $Revision: 1.8 $, last update $Date: 2001/08/21 16:31:45 $ ) diff --git a/gnu/usr.sbin/sendmail/sendmail/clock.c b/gnu/usr.sbin/sendmail/sendmail/clock.c index 55ea90675f6..fef2352bf5b 100644 --- a/gnu/usr.sbin/sendmail/sendmail/clock.c +++ b/gnu/usr.sbin/sendmail/sendmail/clock.c @@ -12,7 +12,7 @@ */ #ifndef lint -static char id[] = "@(#)$Sendmail: clock.c,v 8.52.18.17 2001/07/31 23:04:59 ca Exp $"; +static char id[] = "@(#)$Sendmail: clock.c,v 8.52.18.18 2001/08/14 16:07:04 ca Exp $"; #endif /* ! lint */ #include <sendmail.h> @@ -426,6 +426,8 @@ pend_signal(sig) abort(); /* NOTREACHED */ + /* shut up stupid compiler warning on HP-UX 11 */ + sigbit = 0; break; } diff --git a/gnu/usr.sbin/sendmail/sendmail/err.c b/gnu/usr.sbin/sendmail/sendmail/err.c index 05d17b79616..8551c1e85d8 100644 --- a/gnu/usr.sbin/sendmail/sendmail/err.c +++ b/gnu/usr.sbin/sendmail/sendmail/err.c @@ -12,7 +12,7 @@ */ #ifndef lint -static char id[] = "@(#)$Sendmail: err.c,v 8.120.4.3 2001/05/30 00:22:26 gshapiro Exp $"; +static char id[] = "@(#)$Sendmail: err.c,v 8.120.4.5 2001/08/17 22:09:40 ca Exp $"; #endif /* ! lint */ #include <sendmail.h> 
@@ -776,10 +776,27 @@ fmtmsg(eb, to, num, enhsc, eno, fmt, ap) spaceleft -= l; } - /* output the "to" person */ + /* + ** output the "to" address only if it is defined and one of the + ** following codes is used: + ** 050 internal notices, e.g., alias expansion + ** 250 Ok + ** 252 Cannot VRFY user, but will accept message and attempt delivery + ** 450 Requested mail action not taken: mailbox unavailable + ** 550 Requested action not taken: mailbox unavailable + ** 553 Requested action not taken: mailbox name not allowed + ** + ** Notice: this still isn't "the right thing", this code shouldn't + ** (indirectly) depend on CurEnv->e_to. + */ + if (to != NULL && to[0] != '\0' && - strncmp(num, "551", 3) != 0 && - strncmp(num, "251", 3) != 0) + (strncmp(num, "050", 3) == 0 || + strncmp(num, "250", 3) == 0 || + strncmp(num, "252", 3) == 0 || + strncmp(num, "450", 3) == 0 || + strncmp(num, "550", 3) == 0 || + strncmp(num, "553", 3) == 0)) { (void) snprintf(eb, spaceleft, "%s... ", shortenstring(to, MAXSHORTSTR)); diff --git a/gnu/usr.sbin/sendmail/sendmail/map.c b/gnu/usr.sbin/sendmail/sendmail/map.c index bef91900a7d..709f9a6be37 100644 --- a/gnu/usr.sbin/sendmail/sendmail/map.c +++ b/gnu/usr.sbin/sendmail/sendmail/map.c @@ -12,7 +12,7 @@ */ #ifndef lint -static char id[] = "@(#)$Sendmail: map.c,v 8.414.4.54 2001/06/01 08:23:24 gshapiro Exp $"; +static char id[] = "@(#)$Sendmail: map.c,v 8.414.4.55 2001/08/15 22:08:58 gshapiro Exp $"; #endif /* ! lint */ #include <sendmail.h> @@ -5359,7 +5359,8 @@ hes_map_lookup(map, name, av, statp) *statp = EX_UNAVAILABLE; break; } - hesiod_free_list(HesiodContext, hp); + if (hp != NULL) + hesiod_free_list(HesiodContext, hp); return NULL; } # else /* HESIOD_INIT */ diff --git a/gnu/usr.sbin/sendmail/sendmail/milter.c b/gnu/usr.sbin/sendmail/sendmail/milter.c index 85ab27fc52a..2a8e95e151b 100644 --- a/gnu/usr.sbin/sendmail/sendmail/milter.c +++ b/gnu/usr.sbin/sendmail/sendmail/milter.c 
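Review bot: The list of reply codes that may carry the "to" address in fmtmsg() now exists twice, once in the comment and once as six chained `strncmp` calls, and because this condition is what keeps a recipient address out of unrelated replies, the two copies drifting apart would be easy to miss. Keeping the permitted codes in one table and scanning it puts the disclosure policy in a single place that can be audited and extended. fmtmsg() starts before and continues after this hunk, so the sketch below shows only the changed condition.

```c
/* reply codes whose text may include the "to" address */
static const char *const ToAddrCodes[] =
{
	"050",	/* internal notices, e.g., alias expansion */
	"250",	/* Ok */
	"252",	/* cannot VRFY user, will attempt delivery */
	"450",	/* mailbox unavailable, action not taken */
	"550",	/* mailbox unavailable */
	"553",	/* mailbox name not allowed */
	NULL
};

	/* … unchanged: output of the reply code and enhanced status code … */
	int show_to = 0;

	if (to != NULL && to[0] != '\0')
	{
		const char *const *code;

		for (code = ToAddrCodes; *code != NULL; code++)
		{
			if (strncmp(num, *code, 3) == 0)
			{
				show_to = 1;
				break;
			}
		}
	}
	if (show_to)
	{
		/* … unchanged: snprintf() of shortenstring(to, MAXSHORTSTR) … */
```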
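Review bot: The new `if (hp != NULL)` guard in hes_map_lookup() carries no comment saying when `hp` is NULL on this error path, and the test that leads into this block is outside the hunk. I would add `/* hp is NULL when the lookup returned no list at all; free only a list that was actually returned */` above the guard, adjusted to whatever the enclosing condition really is. The `# else /* HESIOD_INIT */` branch that follows is not shown here, so it is worth checking whether its failure path needs the same care.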
@@ -9,7 +9,7 @@ */ #ifndef lint -static char id[] = "@(#)$Sendmail: milter.c,v 8.50.4.51 2001/07/20 00:53:01 gshapiro Exp $"; +static char id[] = "@(#)$Sendmail: milter.c,v 8.50.4.53 2001/08/15 02:01:03 ca Exp $"; #endif /* ! lint */ #if _FFR_MILTER @@ -1100,7 +1100,7 @@ milter_setup(line) m->mf_name = newstr(line); m->mf_state = SMFS_READY; m->mf_sock = -1; - m->mf_timeout[SMFTO_CONNECT] = (time_t) 0; + m->mf_timeout[SMFTO_CONNECT] = (time_t) 0; m->mf_timeout[SMFTO_WRITE] = (time_t) 10; m->mf_timeout[SMFTO_READ] = (time_t) 10; m->mf_timeout[SMFTO_EOM] = (time_t) 300; @@ -1132,10 +1132,6 @@ milter_setup(line) /* install the field into the filter struct */ switch (fcode) { - case 'C': - m->mf_timeout[SMFTO_CONNECT] = convtime(p, 's'); - break; - case 'S': /* socket */ if (p == NULL) m->mf_conn = NULL; @@ -1281,6 +1277,14 @@ milter_parse_timeouts(spec, m) /* install the field into the filter struct */ switch (fcode) { + case 'C': + m->mf_timeout[SMFTO_CONNECT] = convtime(p, 's'); + if (tTd(64, 5)) + printf("X%s: %c=%ld\n", + m->mf_name, fcode, + (u_long) m->mf_timeout[SMFTO_CONNECT]); + break; + case 'S': m->mf_timeout[SMFTO_WRITE] = convtime(p, 's'); if (tTd(64, 5)) diff --git a/gnu/usr.sbin/sendmail/sendmail/parseaddr.c b/gnu/usr.sbin/sendmail/sendmail/parseaddr.c index 0c9fb14e458..f43ecafb125 100644 --- a/gnu/usr.sbin/sendmail/sendmail/parseaddr.c +++ b/gnu/usr.sbin/sendmail/sendmail/parseaddr.c @@ -12,7 +12,7 @@ */ #ifndef lint -static char id[] = "@(#)$Sendmail: parseaddr.c,v 8.234.4.12 2001/05/03 17:24:11 gshapiro Exp $"; +static char id[] = "@(#)$Sendmail: parseaddr.c,v 8.234.4.13 2001/08/14 23:08:13 ca Exp $"; #endif /* ! lint */ #include <sendmail.h> @@ -767,9 +767,6 @@ struct match char **match_pattern; /* pointer to pattern */ }; -#define MAXMATCH 9 /* max params per rewrite */ - - int rewrite(pvp, ruleset, reclevel, e) char **pvp; 
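Review bot: In the `case 'C':` added to milter_parse_timeouts(), the debug `printf` pairs `%ld` with a `(u_long)` argument, so the conversion specifier and the argument type disagree in signedness. Either cast to `(long)` or print with `%lu`, e.g. `printf("X%s: %c=%lu\n", m->mf_name, fcode, (u_long) m->mf_timeout[SMFTO_CONNECT]);`. The `case 'S':` visible in the context lines opens with the same `tTd(64, 5)` block, so the neighbouring cases probably want the same correction; they continue outside the hunk.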
diff --git a/gnu/usr.sbin/sendmail/sendmail/readcf.c b/gnu/usr.sbin/sendmail/sendmail/readcf.c index c6b7327e6f0..f9eaa2ffc0d 100644 --- a/gnu/usr.sbin/sendmail/sendmail/readcf.c +++ b/gnu/usr.sbin/sendmail/sendmail/readcf.c @@ -12,7 +12,7 @@ */ #ifndef lint -static char id[] = "@(#)$Sendmail: readcf.c,v 8.382.4.42 2001/07/31 22:30:24 gshapiro Exp $"; +static char id[] = "@(#)$Sendmail: readcf.c,v 8.382.4.43 2001/08/14 23:08:13 ca Exp $"; #endif /* ! lint */ #include <sendmail.h> @@ -267,6 +267,11 @@ readcf(cfname, safe, e) syserr("R line: null LHS"); rwp->r_lhs = null_list; } + if (nfuzzy > MAXMATCH) + { + syserr("R line: too many wildcards"); + rwp->r_lhs = null_list; + } /* expand and save the RHS */ while (*++p == '\t') diff --git a/gnu/usr.sbin/sendmail/sendmail/sendmail.h b/gnu/usr.sbin/sendmail/sendmail/sendmail.h index 92e2c361322..d953cdfbf4f 100644 --- a/gnu/usr.sbin/sendmail/sendmail/sendmail.h +++ b/gnu/usr.sbin/sendmail/sendmail/sendmail.h @@ -20,7 +20,7 @@ #ifdef _DEFINE # define EXTERN # ifndef lint -static char SmailId[] = "@(#)$Sendmail: sendmail.h,v 8.517.4.69 2001/07/20 18:46:01 gshapiro Exp $"; +static char SmailId[] = "@(#)$Sendmail: sendmail.h,v 8.517.4.70 2001/08/14 23:08:12 ca Exp $"; # endif /* ! lint */ #else /* _DEFINE */ # define EXTERN extern @@ -765,6 +765,8 @@ struct rewrite /* to make the code clearer */ #define MATCHZERO CANONHOST +#define MAXMATCH 9 /* max params per rewrite */ + /* external <==> internal mapping table */ struct metamac { diff --git a/gnu/usr.sbin/sendmail/sendmail/trace.c b/gnu/usr.sbin/sendmail/sendmail/trace.c index 553f1e63695..2d9d4e414bf 100644 --- a/gnu/usr.sbin/sendmail/sendmail/trace.c +++ b/gnu/usr.sbin/sendmail/sendmail/trace.c @@ -12,7 +12,7 @@ */ #ifndef lint -static char id[] = "@(#)$Sendmail: trace.c,v 8.20.22.2 2000/09/17 17:04:27 gshapiro Exp $"; +static char id[] = "@(#)$Sendmail: trace.c,v 8.20.22.4 2001/08/15 13:05:43 ca Exp $"; #endif /* ! lint */ #include <sendmail.h> 
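Review bot: The new `nfuzzy > MAXMATCH` test in readcf() says nothing about which storage `MAXMATCH` bounds or why `>` rather than `>=` is the right comparison, although going by the release note this check is what stops an over-long wildcard rule from faulting later. A comment such as `/* rewrite() can record at most MAXMATCH matches per rule */` would tie the limit to its consumer. Both the counting of `nfuzzy` and the code that uses the limit are outside this hunk, so the boundary should be confirmed there. The message could also name the limit, `syserr("R line: too many wildcards (max %d)", MAXMATCH);`, so an administrator can repair the rule without reading the source.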
@@ -63,7 +63,7 @@ void tTflag(s) register char *s; { - int first, last; + unsigned int first, last; register unsigned int i; if (*s == '\0') @@ -73,16 +73,28 @@ tTflag(s) { /* find first flag to set */ i = 0; - while (isascii(*s) && isdigit(*s)) + while (isascii(*s) && isdigit(*s) && i < tTsize) i = i * 10 + (*s++ - '0'); + + /* + ** skip over rest of a too large number + ** Maybe we should complain if out-of-bounds values are used. + */ + + while (isascii(*s) && isdigit(*s) && i >= tTsize) + s++; first = i; /* find last flag to set */ if (*s == '-') { i = 0; - while (isascii(*++s) && isdigit(*s)) + while (isascii(*++s) && isdigit(*s) && i < tTsize) i = i * 10 + (*s - '0'); + + /* skip over rest of a too large number */ + while (isascii(*s) && isdigit(*s) && i >= tTsize) + s++; } last = i; diff --git a/gnu/usr.sbin/sendmail/sendmail/version.c b/gnu/usr.sbin/sendmail/sendmail/version.c index bda076b275e..b3a2b4a73b1 100644 --- a/gnu/usr.sbin/sendmail/sendmail/version.c +++ b/gnu/usr.sbin/sendmail/sendmail/version.c @@ -12,7 +12,7 @@ */ #ifndef lint -static char id[] = "@(#)$Sendmail: version.c,v 8.43.4.37 2001/07/31 22:34:20 gshapiro Exp $"; +static char id[] = "@(#)$Sendmail: version.c,v 8.43.4.39 2001/08/20 14:45:34 gshapiro Exp $"; #endif /* ! lint */ -char Version[] = "8.11.5"; +char Version[] = "8.11.6"; |
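Review bot: Both digit loops in tTflag() stop accumulating only once `i` has already reached `tTsize`, so `first` and `last` can leave this hunk holding an out-of-range value (up to roughly ten times `tTsize`), and nothing visible here clamps them before use. If the remainder of the function, which lies outside the hunk, does not already do so, add `if (first >= tTsize) first = tTsize - 1;` and the same for `last` directly after the assignments. The change of `first, last` to `unsigned int` in the preceding hunk appears to be part of the same fix and deserves a one-line comment, for example `/* unsigned, so an oversized value cannot pass a bounds test as negative */`. The in-code remark about complaining on out-of-bounds values is worth acting on, since a silent clamp hides a mistyped debug flag.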