ports/134271: mail/popd POP3 server dies handling messages with very long lines (>64K)

Dmitry hanabana at mail.ru
Wed May 6 14:50:04 UTC 2009 

>Number:         134271
>Category:       ports
>Synopsis:       mail/popd POP3 server dies handling messages with very long lines (>64K)
>Confidential:   no
>Severity:       non-critical
>Priority:       low
>Responsible:    freebsd-ports-bugs
>State:          open
>Quarter:        
>Keywords:       
>Date-Required:
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Wed May 06 14:50:03 UTC 2009
>Closed-Date:
>Last-Modified:
>Originator:     Dmitry
>Release:        FreeBSD 7.2
>Organization:
home
>Environment:
FreeBSD mail.mcm.ru 7.2-STABLE FreeBSD 7.2-STABLE #0: Mon May  4 18:46:34 MSD 2009     root at mail.mcm.ru:/var/tmp/obj/usr/src/sys/MCM  i386

>Description:
mail/popd POP3 server makes assignment to NULL pointer if the length of the email line exceeds 65535 bytes.
Attached patch solves this problem. It also hides annoying messages.
>How-To-Repeat:

>Fix:


Patch attached with submission follows:

--- lib/mbox_mbf.c.orig	2003-03-05 10:33:12.000000000 +0300
+++ lib/mbox_mbf.c	2009-05-06 18:21:18.000000000 +0400
@@ -151,7 +151,10 @@
 			bytes -= len;
 			offset += len;
 			q[buffleft] = '\0';
-			p = strchr(buffer, '\n');
+			if ((p = strchr(buffer, '\n')) == NULL) {
+			    p = q + buffleft;
+			    continue;
+			}
 		}
 		*p++ = '\0';
 		if (*line == '\0') {
@@ -382,7 +385,14 @@
 			len = read(mbox->fd, offset, buffleft);
 			bytes -= len;
 			offset[len] = '\0';
-			p = strchr(buffer, '\n');
+			if ((p = strchr(buffer, '\n')) == NULL) {
+			    p = offset + len;
+			    if( (p - buffer) == 1 && buffer[0] == '.' )
+				sendline(SEND_BUF, "..");
+			    else
+				sendline(SEND_BUF, "%s", buffer);
+			    continue;
+			}
 		}
 		*p++ = '\0';
 		if (line[0] == '.' && line[1] == '\0') {
--- lib/private.h.orig	2009-05-06 18:17:23.000000000 +0400
+++ lib/private.h	2009-05-06 18:16:24.000000000 +0400
@@ -26,6 +26,9 @@
  *      $Id: private.h,v 1.1 2001/10/10 09:48:11 ianf Exp $
  */
 
+#undef NULL
+#define NULL 0
+
 #define TRUE 1
 #define FALSE 0
 #define MAXINCR 20
--- src/config.h.orig	2002-11-20 13:27:49.000000000 +0300
+++ src/config.h	2009-05-06 18:12:46.000000000 +0400
@@ -26,6 +26,7 @@
  *      $Id: config.h,v 1.20 2002/11/20 10:27:49 ianf Exp $
  */
 
+#undef NULL
 #define NULL	0
 #define TRUE	1
 #define FALSE	0


>Release-Note:
>Audit-Trail:
>Unformatted:

More information about the freebsd-ports-bugs mailing list