Man, I thought I checked that code.. ;)

Irelann Kerry Anderson of U of Maine spotted a bug in the Probe patch, that
could cause an off-the-end error on a string leading to a SEGV.  While
double checking that, I found that another buffer size was also incorrect,
causing another possible SEGV source.

A corrected patch for Sendmail 8.10.1 is attached.  For Sendmail 8.9.3,
the fix is similar:

1) Change the line (near line 110 in sendmail/alias.c):
                lbuf = xalloc(lbuflen);
to:
                lbuf = xalloc(lbuflen + 1);

2) Change the line (near line 61 in sendmail/alias.c)
          char lbuf2[MAXNAME + 7];
to:
                char lbuf2[MAXNAME + 30];

If you're running something older than Sendmail 8.9.3, you probably have
bigger problems... ;)

The amazing thing is the bug has been there since the Sendmail 8.8.4 version,
and I've ported it forward all along without noticing...



                                Valdis Kletnieks
                                Operating Systems Analyst
                                Virginia Tech