bugs in spool_copy_message()
Derrick J Brashear
shadow at dementia.org
Wed Oct 27 14:14:39 EDT 2004
Actually, I will look at this this afternoon; I have a couple other bugs I
need to look at first.
On Wed, 27 Oct 2004, Philip Chambers wrote:
> I have just found two flaws in the code which takes a message into cyrus (typically
> during the DATA phase of LMTP. I am amazed that one has existed for so long.
>
> It means that messages with a line longer that 8190 bytes will be rejected with the
> error "Message contains NUL characters". (Confirmed in testing.)
>
> The code is in spool_copy_message() in spool.c (used to be in copy_message() in
> lmtpengine.c.
>
> The problems are in the loop: while(prot_fgets(...)).
>
> The code after "else if (p[0] == '\r')" ignores the case of a long line which
> contains \r\0 within it when it is the \0 which fills the buffer. The code will
> fail to notice the \0.
>
> More importantly, a line longer than 8190 characters will be picked up by the else
> statement (else if (p[0] != '\n') and treated as if it has a \0 in it even though it
> does not!
>
> I am about to work out a fix but, given the importance of this code, I need to spend
> a lot of time making sure I do not introduce a new bug.
>
> As I said, I find it hard to believe that cyrus has been unable to handle long lines
> for so long!
>
> Phil.
> ---------------------------------------
> Phil Chambers (postmaster at exeter.ac.uk)
> University of Exeter
>
> ---
> Cyrus Home Page: http://asg.web.cmu.edu/cyrus
> Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu
> List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
>
>
---
Cyrus Home Page: http://asg.web.cmu.edu/cyrus
Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu
List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
More information about the Info-cyrus
mailing list