Bugtraq mailing list archives

Sendmail 8.6.10: what's different?

From: mouse () Collatz McRCIM McGill EDU (der Mouse)
Date: Thu, 23 Feb 1995 07:58:00 -0500


I diffed 8.6.10 against what I was previously running (8.6.8).
Significant changes from bugtraq's point of view are mostly being more
paranoid about believing strings coming from possibly-untrustworthy
sources.  Here's the list:

- Truncate df files when collecting, as mentioned in the RELEASE_NOTES.
- When processing ident info, call cleanstrcpy() to strip trash from
  the returned username.
- The -B command-line flag argument is checked; it must be 7bit or
  8bitmime.  (8.6.8 blindly believed whatever was handed to it.)
- The -f command-line flag strips newlines from its argument.
- The -p command-line flag is a bit more paranoid about what's passed
  to it; the argument is now length-limited and cleanstrcpy()ed.
- FullName (taken from $NAME, or -F command-line flag) is now checked
  for newlines.
- map.c has lots of changes I don't understand; most of them probably
  are not relevant, but some may be.
- When creating a queue file, delete newlines from several things:
  specifically, the M, $r, $s, $_, S, E, R, and C lines.
- A macro defintion will have its argument cleanstrcpy()ed if the
  source of the string is not safe (eg, command-line).
- In sendtolist(), newlines are stripped from something - the list of
  addresses, I think, but I could be wrong.
- When generating a failure letter, the Subject: header is
  length-limited, apparently to avoid a buffer overflow.
- When generating the initial 220 greeting for SMTP, newlines are
  checked for and the message truncated at the first one if found.

cleanstrcpy(), referred to several times above, is like strcpy, but it
strips newlines and copies only a restricted set of characters:
letters, digits, and !#$%&'*+-./^_`{|}~ - why that set was chosen,
there's no indication.

In the above, "strips newlines" actually means replacing them with
spaces, not deleting them entirely.  (If a newline is found, sendmail
tries to log a warning.)

                                        der Mouse

                            mouse () collatz mcrcim mcgill edu

Current thread:

Re: snooper watchers, (continued)
- - - Re: snooper watchers Eric Conrad (Feb 22)
    - Re: snooper watchers Ben Taylor (Feb 22)
    - CERT Advisory CA-95:05.sendmail.vulnerabilities (fwd) Paul 'Shag' Walmsley (Feb 22)
    - Re: CERT Advisory CA-95:05.sendmail.vulnerabilities (fwd) Dave Schweisguth (Feb 23)
    - Sendmail 8.6.9 security hole Igor V. Semenyuk (Feb 22)
    - Re: Sendmail 8.6.9 security hole Christopher Samuel (Feb 23)
    - Sun Security Bulletin #129 (sendmail) Mark Graff (Feb 22)
    - new sendmail bug? James W. Abendschan (Feb 22)
    - Re: new sendmail bug? joel (Feb 22)
    - Re: new sendmail bug? Dave Horsfall (Feb 22)
    - Sendmail 8.6.10: what's different? der Mouse (Feb 23)
    - X keyboard sniffing Paul Howell (Feb 23)
    - Re: Sendmail 8.6.10: what's different? Igor V. Semenyuk (Feb 23)
    - Re: Sendmail 8.6.10: what's different? Peter Wemm (Feb 24)
    - Re: Sendmail 8.6.10: what's different? Peter Wemm (Feb 23)
    - Re: Sendmail 8.6.10: what's different? Christian Wettergren (Feb 24)
    - Re: new sendmail bug? Michael Van Norman (Feb 23)
    - Re: snooper watchers Aleph One (Feb 22)
    - Re: HP-UX Problem... Pete Shipley (Feb 21)