From aa0e6f45b5cc83e3a36d3ee5dfcf680d4a94a29b Mon Sep 17 00:00:00 2001 From: dm Date: Fri, 23 Feb 1996 17:45:34 +0000 Subject: sendmail 8.7.4 --- usr.sbin/sendmail/RELEASE_NOTES | 19 +++++++++++++++++-- usr.sbin/sendmail/src/headers.c | 6 ++++-- usr.sbin/sendmail/src/queue.c | 16 +++++++++++----- usr.sbin/sendmail/src/util.c | 13 +++++++++---- usr.sbin/sendmail/src/version.c | 4 ++-- 5 files changed, 43 insertions(+), 15 deletions(-) diff --git a/usr.sbin/sendmail/RELEASE_NOTES b/usr.sbin/sendmail/RELEASE_NOTES index 7354490f5b6..c85c48fe0b2 100644 --- a/usr.sbin/sendmail/RELEASE_NOTES +++ b/usr.sbin/sendmail/RELEASE_NOTES @@ -1,11 +1,19 @@ SENDMAIL RELEASE NOTES - @(#)RELEASE_NOTES 8.7.3.1 (Berkeley) 12/3/95 + @(#)RELEASE_NOTES 8.7.4.1 (Berkeley) 2/18/96 + This listing shows the version of the sendmail binary, the version of the sendmail configuration files, the date of release, and a summary of the changes in that release. -8.7.3/8.7.3 95/12/xx +8.7.4/8.7.3 96/02/18 + SECURITY: In some cases it was still possible for an attacker to + insert newlines into a queue file, thus allowing access to + any user (except root). + CONFIG: no changes -- it is not a bug that the configuration + version number is unchanged. + +8.7.3/8.7.3 95/12/03 Fix botch in name server timeout in RCPT code; this problem caused two responses in SMTP, which breaks things horribly. Fix from Gregory Neil Shapiro of WPI. @@ -1461,6 +1469,13 @@ summary of the changes in that release. contrib/rcpt-streaming src/Makefiles/Makefile.SunOS.5.x +8.6.13/8.6.12 95/01/25 + SECURITY: In some cases it was still possible for an attacker to + insert newlines into a queue file, thus allowing access to + any user (except root). + CONFIG: no changes -- it is not a bug that the configuration + version number is unchanged. + 8.6.12/8.6.12 95/03/28 Fix to IDENT code (it was getting the size of the reply buffer too small, so nothing was ever accepted). Fix from several diff --git a/usr.sbin/sendmail/src/headers.c b/usr.sbin/sendmail/src/headers.c index ae242b1e258..748e2343f70 100644 --- a/usr.sbin/sendmail/src/headers.c +++ b/usr.sbin/sendmail/src/headers.c @@ -33,7 +33,7 @@ */ #ifndef lint -static char sccsid[] = "@(#)headers.c 8.82 (Berkeley) 10/28/95"; +static char sccsid[] = "@(#)headers.c 8.82.1.1 (Berkeley) 2/18/96"; #endif /* not lint */ # include @@ -1253,6 +1253,8 @@ vanilla: putline(obuf, mci); p = ++nlp; obp = obuf; + if (*p != ' ' && *p != '\t') + *obp++ = ' '; } sprintf(obp, "%.*s", sizeof obuf - (obp - obuf) - 1, p); putline(obuf, mci); @@ -1437,7 +1439,7 @@ commaize(h, p, oldstyle, mci, e) firstone = FALSE; *p = savechar; } - (void) strcpy(obp, "\n"); + *obp = '\0'; putline(obuf, mci); } /* diff --git a/usr.sbin/sendmail/src/queue.c b/usr.sbin/sendmail/src/queue.c index 97bf36cd808..bd89a31806a 100644 --- a/usr.sbin/sendmail/src/queue.c +++ b/usr.sbin/sendmail/src/queue.c @@ -36,9 +36,9 @@ #ifndef lint #ifdef QUEUE -static char sccsid[] = "@(#)queue.c 8.98 (Berkeley) 11/11/95 (with queueing)"; +static char sccsid[] = "@(#)queue.c 8.98.1.1 (Berkeley) 2/18/96 (with queueing)"; #else -static char sccsid[] = "@(#)queue.c 8.98 (Berkeley) 11/11/95 (without queueing)"; +static char sccsid[] = "@(#)queue.c 8.98.1.1 (Berkeley) 2/18/96 (without queueing)"; #endif #endif /* not lint */ @@ -247,7 +247,7 @@ queueup(e, announce) /* output body type */ if (e->e_bodytype != NULL) - fprintf(tfp, "B%s\n", e->e_bodytype); + fprintf(tfp, "B%s\n", denlstring(e->e_bodytype, TRUE, FALSE)); /* message from envelope, if it exists */ if (e->e_message != NULL) @@ -380,7 +380,9 @@ queueup(e, announce) /* output the header: expand macros, convert addresses */ if (bitset(H_DEFAULT, h->h_flags)) { - fprintf(tfp, "%s: %s\n", h->h_field, buf); + fprintf(tfp, "%s: %s\n", + h->h_field, + denlstring(buf, FALSE, TRUE)); } else if (bitset(H_FROM|H_RCPT, h->h_flags)) { @@ -397,7 +399,11 @@ queueup(e, announce) TrafficLogFile = savetrace; } else - fprintf(tfp, "%s: %s\n", h->h_field, h->h_value); + { + fprintf(tfp, "%s: %s\n", + h->h_field, + denlstring(h->h_value, FALSE, TRUE)); + } } /* diff --git a/usr.sbin/sendmail/src/util.c b/usr.sbin/sendmail/src/util.c index 0685bf49c0f..cee16d89e5e 100644 --- a/usr.sbin/sendmail/src/util.c +++ b/usr.sbin/sendmail/src/util.c @@ -33,7 +33,7 @@ */ #ifndef lint -static char sccsid[] = "@(#)util.c 8.84 (Berkeley) 11/18/95"; +static char sccsid[] = "@(#)util.c 8.84.1.1 (Berkeley) 2/18/96"; #endif /* not lint */ # include "sendmail.h" @@ -989,7 +989,14 @@ putxline(l, mci, pxflags) (void) putc(*l, mci->mci_out); fputs(mci->mci_mailer->m_eol, mci->mci_out); if (*l == '\n') - ++l; + { + if (*++l != ' ' && *l != '\t' && l[1] != '\0') + { + (void) putc(' ', mci->mci_out); + if (TrafficLogFile != NULL) + (void) putc(' ', TrafficLogFile); + } + } } while (l[0] != '\0'); } /* @@ -1993,7 +2000,6 @@ denlstring(s, strict, logattacks) for (p = bp; (p = strchr(p, '\n')) != NULL; ) *p++ = ' '; -/* #ifdef LOG if (logattacks) { @@ -2002,7 +2008,6 @@ denlstring(s, strict, logattacks) shortenstring(bp, 203)); } #endif -*/ return bp; } diff --git a/usr.sbin/sendmail/src/version.c b/usr.sbin/sendmail/src/version.c index 644f1a276f4..9817429fc6f 100644 --- a/usr.sbin/sendmail/src/version.c +++ b/usr.sbin/sendmail/src/version.c @@ -33,7 +33,7 @@ */ #ifndef lint -static char sccsid[] = "@(#)version.c 8.7.3.1 (Berkeley) 12/3/95"; +static char sccsid[] = "@(#)version.c 8.7.4.1 (Berkeley) 2/18/96"; #endif /* not lint */ -char Version[] = "8.7.3"; +char Version[] = "8.7.4"; -- cgit v1.2.3