Bug#373801: patch for sendmail 8.13.4-3sarge1

Wed, 12 Jul 2006 12:22:55 -0700 

Package: sendmail
Version: 8.13.4-3sarge1
Followup-For: Bug #373801

This is a patch based on sendmail-8.13.1-VU#146718.patch from redhat


-- System Information:
Debian Release: 3.1
Architecture: i386 (i686)
Kernel: Linux 2.4.30-acens-sata
Locale: LANG=C, LC_CTYPE=C (charmap=ANSI_X3.4-1968)

diff -u -p -Nr --exclude CVS sendmail-8.13.4.orig/sendmail/deliver.c sendmail-8.13.4/sendmail/deliver.c
--- sendmail-8.13.4.orig/sendmail/deliver.c	2005-03-05 03:28:50.000000000 +0100
+++ sendmail-8.13.4/sendmail/deliver.c	2006-07-12 20:41:45.000000000 +0200
@@ -4592,7 +4592,7 @@ putbody(mci, e, separator)
 		/* now do the hard work */
 		boundaries[0] = NULL;
 		mci->mci_flags |= MCIF_INHEADER;
-		(void) mime8to7(mci, e->e_header, e, boundaries, M87F_OUTER);
+		(void) mime8to7(mci, e->e_header, e, boundaries, M87F_OUTER, 0);
 	}
 # if MIME7TO8
 	else if (bitset(MCIF_CVT7TO8, mci->mci_flags))
@@ -4620,7 +4620,7 @@ putbody(mci, e, separator)
 			SuprErrs = true;
 
 		(void) mime8to7(mci, e->e_header, e, boundaries,
-				M87F_OUTER|M87F_NO8TO7);
+				M87F_OUTER|M87F_NO8TO7, 0);
 
 		/* restore SuprErrs */
 		SuprErrs = oldsuprerrs;
diff -u -p -Nr --exclude CVS sendmail-8.13.4.orig/sendmail/mime.c sendmail-8.13.4/sendmail/mime.c
--- sendmail-8.13.4.orig/sendmail/mime.c	2004-09-02 23:37:26.000000000 +0200
+++ sendmail-8.13.4/sendmail/mime.c	2006-07-12 20:44:58.000000000 +0200
@@ -80,6 +80,7 @@ static bool	MapNLtoCRLF;
 **		boundaries -- the currently pending message boundaries.
 **			NULL if we are processing the outer portion.
 **		flags -- to tweak processing.
+**		level -- recursion level.
 **
 **	Returns:
 **		An indicator of what terminated the message part:
@@ -95,12 +96,13 @@ struct args
 };
 
 int
-mime8to7(mci, header, e, boundaries, flags)
+mime8to7(mci, header, e, boundaries, flags, level)
 	register MCI *mci;
 	HDR *header;
 	register ENVELOPE *e;
 	char **boundaries;
 	int flags;
+	int level;
 {
 	register char *p;
 	int linelen;
@@ -121,6 +123,18 @@ mime8to7(mci, header, e, boundaries, fla
 	char pvpbuf[MAXLINE];
 	extern unsigned char MimeTokenTab[256];
 
+        if (level > MAXMIMENESTING)
+        {
+               if (!bitset(EF_TOODEEP, e->e_flags))
+               {
+                       if (tTd(43, 4))
+                               sm_dprintf("mime8to7: too deep, level=%d\n",
+                                          level);
+                        usrerr("mime8to7: recursion level %d exceeded",
+                                level);
+                        e->e_flags |= EF_DONT_MIME|EF_TOODEEP;
+               }
+        }
 	if (tTd(43, 1))
 	{
 		sm_dprintf("mime8to7: flags = %x, boundaries =", flags);
@@ -241,7 +255,9 @@ mime8to7(mci, header, e, boundaries, fla
 	*/
 
 	if (sm_strcasecmp(type, "multipart") == 0 &&
-	    (!bitset(M87F_NO8BIT, flags) || bitset(M87F_NO8TO7, flags)))
+            (!bitset(M87F_NO8BIT, flags) || bitset(M87F_NO8TO7, flags)) &&
+            !bitset(EF_TOODEEP, e->e_flags)
+           )
 	{
 
 		if (sm_strcasecmp(subtype, "digest") == 0)
@@ -285,10 +301,13 @@ mime8to7(mci, header, e, boundaries, fla
 		}
 		if (i >= MAXMIMENESTING)
 		{
-			usrerr("mime8to7: multipart nesting boundary too deep");
+                       if (tTd(43, 4))
+	                       sm_dprintf("mime8to7: too deep, i=%d\n", i);
+                       if (!bitset(EF_TOODEEP, e->e_flags))
+	                       usrerr("mime8to7: multipart nesting boundary too deep");
 
 			/* avoid bounce loops */
-			e->e_flags |= EF_DONT_MIME;
+			e->e_flags |= EF_DONT_MIME|EF_TOODEEP;
 		}
 		else
 		{
@@ -328,7 +347,9 @@ mime8to7(mci, header, e, boundaries, fla
 			putheader(mci, hdr, e, flags);
 			if (tTd(43, 101))
 				putline("+++after putheader", mci);
-			bt = mime8to7(mci, hdr, e, boundaries, flags);
+                        bt = mime8to7(mci, hdr, e, boundaries, flags,
+                                level + 1);
+
 		}
 		(void) sm_strlcpyn(buf, sizeof buf, 3, "--", bbuf, "--");
 		putline(buf, mci);
@@ -365,7 +386,8 @@ mime8to7(mci, header, e, boundaries, fla
 
 	if (sm_strcasecmp(type, "message") == 0)
 	{
-		if (!wordinclass(subtype, 's'))
+		if (!wordinclass(subtype, 's') ||
+		    bitset(EF_TOODEEP, e->e_flags))
 		{
 			flags |= M87F_NO8BIT;
 		}
@@ -385,7 +407,9 @@ mime8to7(mci, header, e, boundaries, fla
 			if (hvalue("MIME-Version", hdr) == NULL &&
 			    !bitset(M87F_NO8TO7, flags))
 				putline("MIME-Version: 1.0", mci);
-			bt = mime8to7(mci, hdr, e, boundaries, flags);
+                        bt = mime8to7(mci, hdr, e, boundaries, flags,
+                                level + 1);
+
 			mci->mci_flags &= ~MCIF_INMIME;
 			return bt;
 		}
diff -u -p -Nr --exclude CVS sendmail-8.13.4.orig/sendmail/sendmail.h sendmail-8.13.4/sendmail/sendmail.h
--- sendmail-8.13.4.orig/sendmail/sendmail.h	2005-03-07 19:03:17.000000000 +0100
+++ sendmail-8.13.4/sendmail/sendmail.h	2006-07-12 20:43:41.000000000 +0200
@@ -942,6 +942,7 @@ struct envelope
 #define EF_TOOBIG	0x02000000L	/* message is too big */
 #define EF_SPLIT	0x04000000L	/* envelope has been split */
 #define EF_UNSAFE	0x08000000L	/* unsafe: read from untrusted source */
+#define EF_TOODEEP	0x10000000L	/* message is nested too deep */
 
 #define DLVR_NOTIFY	0x01
 #define DLVR_RETURN	0x02
@@ -1651,7 +1652,7 @@ EXTERN unsigned long	PrivacyFlags;	/* pr
 
 /* functions */
 extern void	mime7to8 __P((MCI *, HDR *, ENVELOPE *));
-extern int	mime8to7 __P((MCI *, HDR *, ENVELOPE *, char **, int));
+extern int	mime8to7 __P((MCI *, HDR *, ENVELOPE *, char **, int, int));
 
 /*
 **  Flags passed to returntosender.

Reply via email to