lmtpd NUL rejection
Lawrence Greenfield
leg+ at andrew.cmu.edu
Mon Jan 13 23:38:47 EST 2003
From: simon.brady at otago.ac.nz
Date: Tue, 14 Jan 2003 17:24:17 +1300 (NZDT)
[...]
Along the way, I've discovered a related bug in lmtpd (2.1.11). If a
misconfigured client sends a message with lines longer than 8190 chars,
the following code in imap/lmtpengine.c (lines 672-675) will incorrectly
report the presence of NULs:
else if (p[0] != '\n') {
/* line contained a \0 not at the end */
r = IMAP_MESSAGE_CONTAINSNULL;
continue;
(It assumes all lines end with '\n', which prot_fgets() doesn't
guarantee.)
I'm not sure what the right fix is for this. It's trivial to identify the
long-line case, but should lmtpd return an error (and if so, what?), or
should it try to handle this pathological case?
SMTP only requires 1000 character line support; 8000 is pretty
generous. I would define a new error in imap_err.et
(IMAP_LINE_TOO_LONG) and return that when appropriate.
Larry
More information about the Info-cyrus
mailing list