Wed, 21 Jun 2000 10:39:58 -0400
|
Man, I thought I checked that code.. ;)
Irelann Kerry Anderson of U of Maine spotted a bug in the Probe patch, that
could cause an off-the-end error on a string leading to a SEGV. While
double checking that, I found that another buffer size was also incorrect,
causing another possible SEGV source.
A corrected patch for Sendmail 8.10.1 is attached. For Sendmail 8.9.3,
the fix is similar:
1) Change the line (near line 110 in sendmail/alias.c):
lbuf = xalloc(lbuflen);
to:
lbuf = xalloc(lbuflen + 1);
2) Change the line (near line 61 in sendmail/alias.c)
char lbuf2[MAXNAME + 7];
to:
char lbuf2[MAXNAME + 30];
If you're running something older than Sendmail 8.9.3, you probably have
bigger problems... ;)
The amazing thing is the bug has been there since the Sendmail 8.8.4 version,
and I've ported it forward all along without noticing...
Valdis Kletnieks
Operating Systems Analyst
Virginia Tech
|
|
|