PS: Somehow I screwed up the news.pod file. Attached are better patches. Harri
Index: inn2-2.6.1/doc/pod/news.pod
===================================================================
--- inn2-2.6.1.orig/doc/pod/news.pod
+++ inn2-2.6.1/doc/pod/news.pod
@@ -29,6 +29,13 @@ field body. Thanks to Kamil Jonca for t
 =item *
+Fixed a bug in B<inews> that was rejecting articles containing header
+fields whose length exceeded 998 bytes. This limitation is for the
+length of a single line of a header field, not for the whole header
+field.
+
+=item *
+
 The default value for the I<tlscompression> parameter in F<inn.conf> has changed. TLS-level compression is now disabled by default, to comply with the best current practices for a secure use of TLS in application
Index: inn2-2.6.1/frontends/inews.c
===================================================================
--- inn2-2.6.1.orig/frontends/inews.c
+++ inn2-2.6.1/frontends/inews.c
@@ -34,7 +34,6 @@
 #define HEADER_DELTA 20
 #define GECOSTERM(c) \
 ((c) == ',' || (c) == ';' || (c) == ':' || (c) == LPAREN)
-#define HEADER_STRLEN 998
 typedef enum _HEADERTYPE {
 HTobs,
@@ -122,7 +121,7 @@ static HEADER Table[] = {
 static void
 QuitServer(int x)
 {
- char buff[HEADER_STRLEN];
+ char buff[MED_BUFFER];
 char *p;
 if (Spooling)
@@ -196,13 +195,22 @@ TrimSpaces(char *p)
 static char *
 NextHeader(char *p)
 {
- for ( ; ; p++) {
- if ((p = strchr(p, '\n')) == NULL)
+ char *q;
+ for (q = p; ; p++) {
+ if ((p = strchr(p, '\n')) == NULL) {
 die("article is all headers");
- if (!ISWHITE(p[1])) {
- *p = '\0';
- return p + 1;
- }
+ }
+ /* Check the maximum length of a single line. */
+ if (p - q + 1 > MAXARTLINELENGTH) {
+ die("header line too long");
+ }
+ /* Check if there is a continuation line for the header. */
+ if (ISWHITE(p[1])) {
+ q = p + 1;
+ continue;
+ }
+ *p = '\0';
+ return p + 1;
 }
 }
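Review bot: In NextHeader the new test `if (p - q + 1 > MAXARTLINELENGTH)` measures the line plus its LF but no CR, and MAXARTLINELENGTH is not defined anywhere in this patch, so a reader cannot confirm that it enforces the 998-byte per-line limit described in news.pod; if the constant counts a CRLF pair, a 999-byte line passes. I would state the units next to the test, e.g. `/* p - q is the line length without its LF; MAXARTLINELENGTH must be compared on the same basis as the 998-byte limit. */`, and adjust the `+ 1` if the two do not agree. Separately, this check only sees lines that NextHeader walks, whereas the loops deleted from main() in the last hunk bounded every `hp->Value` and `OtherHeaders[i]`; any header value that does not come from the article text (not visible here) is now unbounded, which matters if such values are later copied into the fixed `buff[MED_BUFFER]` arrays.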
@@ -796,7 +804,7 @@ OfferArticle(char *buff, bool Authorized
 {
 fprintf(ToServer, "post\r\n");
 SafeFlush(ToServer);
- if (fgets(buff, HEADER_STRLEN, FromServer) == NULL)
+ if (fgets(buff, MED_BUFFER, FromServer) == NULL)
 sysdie(Authorized ? "Can't offer article to server (authorized)" : "Can't offer article to server");
 return atoi(buff);
@@ -866,8 +874,8 @@ main(int ac, char *av[])
 struct passwd *pwp;
 char *article;
 char *deadfile;
- char buff[HEADER_STRLEN];
- char SpoolMessage[HEADER_STRLEN];
+ char buff[MED_BUFFER];
+ char SpoolMessage[MED_BUFFER];
 bool DoSignature;
 bool AddOrg;
 size_t Length;
@@ -987,7 +995,7 @@ main(int ac, char *av[])
 setbuf(ToServer, xmalloc(BUFSIZ));
 fprintf(ToServer, "mode reader\r\n");
 SafeFlush(ToServer);
- if (fgets(buff, HEADER_STRLEN, FromServer) == NULL)
+ if (fgets(buff, MED_BUFFER, FromServer) == NULL)
 sysdie("cannot tell server we're reading");
 if ((j = atoi(buff)) != NNTP_ERR_COMMAND)
 i = j;
@@ -1024,13 +1032,6 @@ main(int ac, char *av[])
 /* Do final checks. */
 if (i == 0 && HDR(_control) == NULL)
 die("article is empty");
- for (hp = Table; hp < ARRAY_END(Table); hp++)
- if (hp->Value && (int)strlen(hp->Value) + hp->Size > HEADER_STRLEN)
- die("%s header is too long", hp->Name);
- for (i = 0; i < OtherCount; i++)
- if ((int)strlen(OtherHeaders[i]) > HEADER_STRLEN)
- die("header too long (maximum length is %d): %.40s...",
- HEADER_STRLEN, OtherHeaders[i]);
 if (Dump) {
 /* Write the headers and a blank line. */
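Review bot: OfferArticle now reads with `fgets(buff, MED_BUFFER, FromServer)` into a `char *buff` it receives from its caller, so the read is safe only while every caller passes an array of at least MED_BUFFER bytes, and nothing in the function states or checks that. Either document it on the function (`/* buff must point to at least MED_BUFFER bytes. */`) or pass the size in; the signature itself lies outside the hunk. In the main() hunk at -987 the same call fills a local array, where `fgets(buff, sizeof(buff), FromServer)` would keep the bound tied to the declaration changed in the -866 hunk.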
Index: inn2-2.6.1/doc/pod/news.pod
===================================================================
--- inn2-2.6.1.orig/doc/pod/news.pod
+++ inn2-2.6.1/doc/pod/news.pod
@@ -23,6 +23,12 @@ authentication credentials are concerned
 =item *
+B<mailpost> now removes empty header fields before attempting to post
+articles, and keeps trace of them in the X-Mailpost-Empty-Hdrs: header
+field body. Thanks to Kamil Jonca for the bug report.
+
+=item *
+
 The default value for the I<tlscompression> parameter in F<inn.conf> has changed. TLS-level compression is now disabled by default, to comply with the best current practices for a secure use of TLS in application
Index: inn2-2.6.1/frontends/mailpost.in
===================================================================
--- inn2-2.6.1.orig/frontends/mailpost.in
+++ inn2-2.6.1/frontends/mailpost.in
@@ -84,6 +84,8 @@ die "Directory $Tmpdir is not writable\n
 if ($debugging || $opt_n) {
 $Sendmail = "cat" ;
 $WhereTo = "cat" ;
+} else {
+ $Sendmail = sprintf($Sendmail, $Maintainer);
 }
 #
@@ -150,6 +152,8 @@ my $hdr = undef;
 my $txt = undef;
 my $message_id ;
 my $subject = "(NONE)";
+my @emptyHdrs = ();
+my $emptyHdrsString;
 $_ = <STDIN>;
 if (!$_) {
@@ -213,6 +217,13 @@ for (;;) {
 next if /^Approved:\s/sio && defined($approved);
 next if /^Distribution:\s/sio && defined($distribution);
+ # Collect empty header field names.
+ if (/^([^:]+):\s*$/) {
+ # 975 = 998 - length("X-Mailpost-Empty-Hdrs: ")
+ push(@emptyHdrs, $1) if length($1) < 975;
+ next;
+ }
+
 if (/^($exclude):\s*/sio) {
 $real_news_hdrs .= "$_\n";
 next;
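Review bot: The pattern added in the -213 hunk, `/^([^:]+):\s*$/`, takes the field name straight from the incoming mail and the -314 hunk writes it back into the generated X-Mailpost-Empty-Hdrs: field, yet `[^:]+` also accepts spaces, control characters and 8-bit bytes. Restricting the capture to printable ASCII, e.g. `if (/^([\x21-\x39\x3b-\x7e]+):\s*$/) {`, keeps malformed names out of the posted article; lines that no longer match would fall through to the existing header handling, which is outside this hunk, so that path needs a look. Names of 975 bytes or more are dropped from the trace without any log entry, which a comment could say explicitly.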
@@ -314,6 +325,11 @@ $real_news_hdrs .= "Distribution: ${dist
 $real_news_hdrs .= "Approved: ${approved}\n" if defined($approved);
 $real_news_hdrs .= "References: ${references}\n" if defined($references);
+# Keep trace of empty header fields.
+$emptyHdrsString = join("\n\t", @emptyHdrs);
+$real_news_hdrs .= "X-Mailpost-Empty-Hdrs: $emptyHdrsString\n"
+ if (length($emptyHdrsString) > 0);
+
 # Remove duplicate headers.
 my %headers = ();
 $real_news_hdrs =~ s/((.*?:) .*?($|\n)([ \t]+.*?($|\n))*)/$headers{lc$2}++?"":"$1"/ges;
@@ -329,7 +345,7 @@ if (!open TMPFILE,">$tmpfile") {
 if ($use_syslog) {
 syslog("err", "$msg") unless $debugging || -t STDERR;
 }
- open(TMPFILE, "|" . sprintf ($Sendmail, $Maintainer)) ||
+ open(TMPFILE, "|" . $Sendmail) ||
 die "die(no tmpfile): sendmail: $!\n" ;
 print TMPFILE <<"EOF";
 To: $Maintainer
@@ -516,7 +532,7 @@ sub mailArtAndDie {
 syslog("err", "$msg") if $use_syslog;
 print STDERR $msg,"\n" if -t STDERR ;
- open(SENDMAIL, "|" . sprintf ($Sendmail,$Maintainer)) ||
+ open(SENDMAIL, "|" . $Sendmail) ||
 die "die($msg): sendmail: $!\n" ;
 print SENDMAIL <<"EOF" ;
 To: $Maintainer
Index: inn2-2.6.1/doc/pod/news.pod
===================================================================
--- inn2-2.6.1.orig/doc/pod/news.pod
+++ inn2-2.6.1/doc/pod/news.pod
@@ -29,6 +29,13 @@ field body. Thanks to Kamil Jonca for t
 =item *
+Fixed a bug in B<inews> that was rejecting articles containing header
+fields whose length exceeded 998 bytes. This limitation is for the
+length of a single line of a header field, not for the whole header
+field.
+
+=item *
+
 The default value for the I<tlscompression> parameter in F<inn.conf> has changed. TLS-level compression is now disabled by default, to comply with the best current practices for a secure use of TLS in application
Index: inn2-2.6.1/frontends/inews.c
===================================================================
--- inn2-2.6.1.orig/frontends/inews.c
+++ inn2-2.6.1/frontends/inews.c
@@ -34,7 +34,6 @@
 #define HEADER_DELTA 20
 #define GECOSTERM(c) \
 ((c) == ',' || (c) == ';' || (c) == ':' || (c) == LPAREN)
-#define HEADER_STRLEN 998
 typedef enum _HEADERTYPE {
 HTobs,
@@ -122,7 +121,7 @@ static HEADER Table[] = {
 static void
 QuitServer(int x)
 {
- char buff[HEADER_STRLEN];
+ char buff[MED_BUFFER];
 char *p;
 if (Spooling)
@@ -196,13 +195,22 @@ TrimSpaces(char *p)
 static char *
 NextHeader(char *p)
 {
- for ( ; ; p++) {
- if ((p = strchr(p, '\n')) == NULL)
+ char *q;
+ for (q = p; ; p++) {
+ if ((p = strchr(p, '\n')) == NULL) {
 die("article is all headers");
- if (!ISWHITE(p[1])) {
- *p = '\0';
- return p + 1;
- }
+ }
+ /* Check the maximum length of a single line. */
+ if (p - q + 1 > MAXARTLINELENGTH) {
+ die("header line too long");
+ }
+ /* Check if there is a continuation line for the header. */
+ if (ISWHITE(p[1])) {
+ q = p + 1;
+ continue;
+ }
+ *p = '\0';
+ return p + 1;
 }
 }
@@ -796,7 +804,7 @@ OfferArticle(char *buff, bool Authorized
 {
 fprintf(ToServer, "post\r\n");
 SafeFlush(ToServer);
- if (fgets(buff, HEADER_STRLEN, FromServer) == NULL)
+ if (fgets(buff, MED_BUFFER, FromServer) == NULL)
 sysdie(Authorized ? "Can't offer article to server (authorized)" : "Can't offer article to server");
 return atoi(buff);
@@ -866,8 +874,8 @@ main(int ac, char *av[])
 struct passwd *pwp;
 char *article;
 char *deadfile;
- char buff[HEADER_STRLEN];
- char SpoolMessage[HEADER_STRLEN];
+ char buff[MED_BUFFER];
+ char SpoolMessage[MED_BUFFER];
 bool DoSignature;
 bool AddOrg;
 size_t Length;
@@ -987,7 +995,7 @@ main(int ac, char *av[])
 setbuf(ToServer, xmalloc(BUFSIZ));
 fprintf(ToServer, "mode reader\r\n");
 SafeFlush(ToServer);
- if (fgets(buff, HEADER_STRLEN, FromServer) == NULL)
+ if (fgets(buff, MED_BUFFER, FromServer) == NULL)
 sysdie("cannot tell server we're reading");
 if ((j = atoi(buff)) != NNTP_ERR_COMMAND)
 i = j;
@@ -1024,13 +1032,6 @@ main(int ac, char *av[])
 /* Do final checks. */
 if (i == 0 && HDR(_control) == NULL)
 die("article is empty");
- for (hp = Table; hp < ARRAY_END(Table); hp++)
- if (hp->Value && (int)strlen(hp->Value) + hp->Size > HEADER_STRLEN)
- die("%s header is too long", hp->Name);
- for (i = 0; i < OtherCount; i++)
- if ((int)strlen(OtherHeaders[i]) > HEADER_STRLEN)
- die("header too long (maximum length is %d): %.40s...",
- HEADER_STRLEN, OtherHeaders[i]);
 if (Dump) {
 /* Write the headers and a blank line. */