Claudio Jeker:
> > http://www.guninski.com/qmailcrash.html
> >
> I have seen it and it is not that worse as described. Nota bene a bug is a
> bug and needs fixing. This will be done in the next qmail-ldap patch.
How about this one?
Junjiro Okajima
--- qmail-smtpd.cO Mon Jun 15 19:53:16 1998
+++ qmail-smtpd.c Fri Jan 23 12:09:33 2004
@@ -28,6 +28,20 @@
unsigned int databytes = 0;
int timeout = 1200;
+/*
+ * rfc2821 said,,,
+ * text line
+ * The maximum total length of a text line including the <CRLF> is
+ * 1000 characters (not counting the leading dot duplicated for
+ * transparency). This number may be increased by the use of SMTP
+ * Service Extensions.
+ *
+ */
+#ifndef MAXHEADERLENGTH
+#define MAXHEADERLENGTH 1000
+#endif
+int longheader = 0;
+
int safewrite(fd,buf,len) int fd; char *buf; int len;
{
int r;
@@ -318,6 +332,7 @@
if (flagmaybey) if (pos == 1) flaginheader = 0;
}
++pos;
+ if (pos >= MAXHEADERLENGTH) { pos = 0; longheader = 1; }
if (ch == '\n') { pos = 0; flagmaybex = flagmaybey = flagmaybez = 1; }
}
switch(state) {
@@ -381,7 +396,7 @@
received(&qqt,"SMTP",local,remoteip,remotehost,remoteinfo,fakehelo);
blast(&hops);
hops = (hops >= MAXHOPS);
- if (hops) qmail_fail(&qqt);
+ if (hops || longheader) qmail_fail(&qqt);
qmail_from(&qqt,mailfrom.s);
qmail_put(&qqt,rcptto.s,rcptto.len);
@@ -389,6 +404,7 @@
if (!*qqx) { acceptmessage(qp); return; }
if (hops) { out("554 too many hops, this message is looping (#5.4.6)\r\n"); return;
}
if (databytes) if (!bytestooverflow) { out("552 sorry, that message size exceeds my
databytes limit (#5.3.4)\r\n"); return; }
+ if (longheader) { out("552 Too long header (#5.3.4)\r\n"); return; }
if (*qqx == 'D') out("554 "); else out("451 ");
out(qqx + 1);
out("\r\n");
