retitle 506188 ssmtp: unitialized memory disclosure when sending mails
with no trailing newline
severity 506188 important
tag 506188 security patch
thanks
Okay I had time tot investigate this further. That's why I'm renaming
and raising severity.
The problem occurs when sending mail using ssmtp whith no trailing
newline character at the end of the body, and this was introduced by
the fix for #345780.
Here is a proposed fix that works for me.
Cheers,
Alex
diff -rN -u old-ssmtp-2.62/debian/patches/345780-standardise-bufsize new-ssmtp-2.62/debian/patches/345780-standardise-bufsize
--- old-ssmtp-2.62/debian/patches/345780-standardise-bufsize 2008-11-20 13:57:21.000000000 +0000
+++ new-ssmtp-2.62/debian/patches/345780-standardise-bufsize 2008-11-20 13:57:21.000000000 +0000
@@ -1,7 +1,7 @@
Index: ssmtp-2.62/ssmtp.c
===================================================================
---- ssmtp-2.62.orig/ssmtp.c 2008-11-04 14:56:56.000000000 +0200
-+++ ssmtp-2.62/ssmtp.c 2008-11-04 15:05:27.000000000 +0200
+--- ssmtp-2.62.orig/ssmtp.c 2008-11-20 13:27:00.000000000 +0000
++++ ssmtp-2.62/ssmtp.c 2008-11-20 13:41:06.000000000 +0000
@@ -343,28 +343,26 @@
/*
standardise() -- Trim off '\n's and double leading dots
@@ -121,7 +121,7 @@
/* if nothing was received, then no transmission
* over smtp should be done */
sleep(1);
-@@ -1639,12 +1639,25 @@
+@@ -1639,12 +1639,27 @@
continue;
}
/* Trim off \n, double leading .'s */
@@ -130,7 +130,9 @@
- outbytes += smtp_write(sock, "%s", buf);
+ leadingdot = standardise(buf, &linestart);
-+ if (linestart) {
++ /* Force linestart when at EOF, in case stdin does not finish with a
++ * newline character. */
++ if (linestart || feof(stdin)) {
+ outbytes += smtp_write(sock, "%s", leadingdot ? b : buf);
+ } else {
+ if (log_level > 0) {
