On Thu, 15 Oct 2009 21:09:25 +0300 Vladimir Dronnikov <[email protected]> wrote:
> OK. The fix is at http://busybox.net/~dvv/patch/sendmail.patch
>
> * added limit to the number of headers -- this prevents a possible
> attack;
> * removed the requirement for input to have at least one empty line
> (delimiting headers and body) -- any line which contains no ':' is
> treated as such a delimiter.

We should also not treat lines starting with whitespace as such a
delimiter - because of RFC2822 2.2.3 - "Long Header Fields".

But that's probably really a corner case and not too common in the typical
usage of busybox sendmail. I'll cook up a patch anyway, once I get to it.

Have fun,

Stefan
--
Stefan Seyfried

"Any ideas, John?"
_______________________________________________
busybox mailing list
[email protected]
http://lists.busybox.net/mailman/listinfo/busybox
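The three rules discussed in this thread (a cap on the number of headers, a line without ':' ending the headers, and RFC 2822 2.2.3 folded lines not counting as that delimiter) can be combined as in the sketch below. It is an added example, not BusyBox code and not the patch from the thread; `classify_line`, `find_body_start`, `struct hdr_state`, the cap values and the treatment of whitespace-only lines are assumptions.

```c
#include <stdio.h>
#include <string.h>

enum line_kind { LINE_HEADER, LINE_CONTINUATION, LINE_DELIMITER, LINE_BODY, LINE_TOO_MANY };
struct hdr_state { int in_body; unsigned count, max; }; /* max: assumed cap */

/* Classify one line, passed without its trailing CR/LF. */
static enum line_kind classify_line(struct hdr_state *st, const char *line)
{
    if (st->in_body)
        return LINE_BODY;
    /* RFC 2822 2.2.3: SP or HTAB at line start folds the previous field.
     * Assumption of this sketch: only after a field was seen, and only if
     * the line is not all whitespace; otherwise the no-':' rule decides. */
    if ((line[0] == ' ' || line[0] == '\t') && st->count > 0
     && line[strspn(line, " \t")] != '\0')
        return LINE_CONTINUATION;
    if (strchr(line, ':') == NULL) {   /* no ':' ends the headers */
        st->in_body = 1;
        return LINE_DELIMITER;
    }
    if (st->count >= st->max)          /* bound the number of header fields */
        return LINE_TOO_MANY;
    st->count++;
    return LINE_HEADER;
}

/* Index of the delimiter line, n if none was found, -1 if the cap was hit. */
static int find_body_start(const char *const *lines, int n, unsigned max)
{
    struct hdr_state st = { 0, 0, max };
    for (int i = 0; i < n; i++) {
        enum line_kind k = classify_line(&st, lines[i]);
        if (k == LINE_TOO_MANY) return -1;
        if (k == LINE_DELIMITER) return i;
    }
    return n;
}

/* Constructed inputs: a folded Subject, and a message with no empty line. */
static const char *const sample_folded[] = {
    "To: user@example.org", "Subject: a long", "\tsubject line, folded", "", "body: text" };
static const char *const sample_noblank[] = { "To: user@example.org", "Hello there", "x: y" };

int main(void)
{
    printf("%d %d %d\n", find_body_start(sample_folded, 5, 64),
           find_body_start(sample_noblank, 3, 64), find_body_start(sample_folded, 5, 1));
    return 0;
}
```

Without the continuation check, the folded line `\tsubject line, folded` contains no ':' and would end the headers one line early, so the rest of the intended header block would be sent as body text.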
