Re: SpamCop - Misdirected Bounce Messages

Fri, 11 Mar 2005 01:23:43 -0800 

> > --- qmail-smtpd.c 2005-03-10 07:19:54.000000000 +0200
> > +++ qmail-smtpd.c.new 2005-03-10 10:47:27.000000000 +0200
> > @@ -987,8 +987,18 @@
> >    if (sendercheck && !bounceflag) {
> >      if (!goodmailaddr()) { /* good mail addrs go through anyway */
> >        if (addrlocals()) {
> > - char *s;
> > -        switch (ldaplookup(addr.s, &s)) {
> > + char *s,*x,temp[1024];
> > + strcpy(temp,addr.s);
>
> strcpy should crash and burn. You just added a poissible buffer overflow
> to qmail. DON'T USE strcpy() USE strlcpy() or the djb functions.
> The same goes for sprintf() use snprintf() in ANY case.
>
> > +        x = strchr(addr.s,'@'); /* check for position of @ in address */
> > +        if(x != NULL)
> > +        {
> > +                strcpy(temp,++x); /* ie. telkomsa.net */
> > +                while ((x = strchr(temp,'.')) != NULL)
> > +                        *x = '_';  /* telkomsa_net */
> > +                sprintf(temp,"%s-%s",temp,addr.s);
> > +        }
> > +        /* switch (ldaplookup(addr.s, &s))  */
> > +         switch (ldaplookup(temp,&s)) {
> >            case 1: /* valid */
> >              break;
> >            case 0: /* invalid */
> > @@ -1036,6 +1046,7 @@
> >
> >  void smtp_rcpt(char *arg)
> >  {
> > + char temp[1024]; //temp buffer
> >    if (!seenmail)
> >    {
> >      err_wantmail();
> > @@ -1115,9 +1126,20 @@
> >      if (!goodmailaddr()) {
> >        logline(4,"recipient verify, recipient not in goodmailaddr");
> >        if (addrlocals()) {
> > - char *s;
> > + char *s,*x;
> >   logline(4,"recipient verify, recipient is local");
> > -        switch (ldaplookup(addr.s, &s)) {
> > + /** hack the planet patch */
> > + strcpy(temp,addr.s);
> > +        x = strchr(addr.s,'@'); /* check for position of @ in address */
> > +        if(x != NULL)
> > +        {
> > +                strcpy(temp,++x); /* ie. telkomsa.net */
> > +                while ((x = strchr(temp,'.')) != NULL)
> > +                        *x = '_';  /* telkomsa_net */
> > +                sprintf(temp,"%s-%s",temp,addr.s);
> > +        }
> > +        /* switch (ldaplookup(addr.s, &s))  */
> > +  switch (ldaplookup(temp,&s)) {
> >            case 1: /* valid */
> >       logline(4,"recipient verify OK");
> >              break;

Many thanks for the advice. Will modify right away.
-- 
slr.
'Dont queue mail with Sendmail,
send mail with Qmail ... '
b0n0b0 #qmail on efnet
key: 0x0B65ABDC - http://wwwkeys.pgp.net:11371

Reply via email to