Hi,
>>>>> On Mon, 13 Sep 2004 00:11:49 +0200
>>>>> manu@... said:
> How about this patch? It allocates a memory for a sender address and
> a recipient address for autowhite, except and pending lists. Instead,
> ADDRLEN is enlarged to 127 to handle input string well, and to guard
> against very large address in milter-greylist.c, conf_yacc.y and
> dump_yacc.y.
manu> Instead of 127, what about using the maximum limits here? RFC 821
manu> suggests 64 chars for mailbox and 64 chars for domain name. Plus the '@'
manu> and optionnal quotes around the mailbox, that makes 131. Was it
manu> obsoleted by a newer RFC? I recall a limit of 1024 on the domain name,
manu> but I can't find updated documentation.
Yes, it is better to use the maximum limits instead of 127. However,
I'm not sure the value is.
> --- pending.c.orig Wed Aug 4 06:56:07 2004
> +++ pending.c Mon Sep 13 02:56:50 2004
> @@ -134,10 +134,21 @@ pending_get(sa, salen, from, rcpt, date)
> pending = NULL;
> goto out;
> }
> - strncpy(pending->p_from, from, ADDRLEN);
> - pending->p_from[ADDRLEN] = '\0';
> - strncpy(pending->p_rcpt, rcpt, ADDRLEN);
> - pending->p_rcpt[ADDRLEN] = '\0';
> + if ((pending->p_from = strdup(from)) == NULL) {
> + free(pending->p_addr);
> + free(pending->p_sa);
> + free(pending);
> + pending = NULL;
> + goto out;
> + }
> + if ((pending->p_rcpt = strdup(rcpt)) == NULL) {
> + free(pending->p_from);
> + free(pending->p_addr);
> + free(pending->p_sa);
> + free(pending);
> + pending = NULL;
> + goto out;
> + }
manu> Is there any reason for not sipply panic (ie: display an error and exit)
manu> here?
Because, error handling against malloc() in pending_get() is written
so.
Sincerely,
--
Hajimu UMEMOTO @ Internet Mutual Aid Society Yokohama, Japan
ume@... ume@{,jp.}FreeBSD.org
http://www.imasy.org/~ume/Message
Re: [milter-greylist] cutting off sender-string
2004-09-13 by Hajimu UMEMOTO