[SA-exim] Weird headers

[Marc MERLIN]

On Wed, Jul 14, 2004 at 04:20:35PM -0700, Marc MERLIN wrote:
> Ok, so if you are really receiving a mail like this, things are really
> fucked up :)
> 
> Admittedly sa-exim should deal with it. In the meantime, you can tell exim
> to refuse mails with such long headers:
> header_line_maxsize = 7k
> should do it

The following patch, now in CVS, should fix this in sa-exim:
RCS file: /cvsroot/sa-exim/sa-exim/sa-exim.c,v
retrieving revision 1.64
diff -u -u -r1.64 sa-exim.c
--- sa-exim.c   16 Aug 2004 05:12:16 -0000      1.64
+++ sa-exim.c   16 Aug 2004 05:39:00 -0000
@@ -418,8 +418,18 @@
            {
                break;
            }
-           /* Slight waste of memory here, oh well... */
-           *header=string_sprintf("%s\n%s", *header, buffer);
+
+           /* Guard against humongous header lines */
+           if (strlen(*header) < 8000)
+           {
+               /* Slight waste of memory here, oh well... */
+               *header=string_sprintf("%s\n%s", *header, buffer);
+           }
+           else
+           {
+               log_write(0, LOG_MAIN, "SA: Warning: while parsing header %s, ignoring the following trailing line due to header size overflow: %s", headername, buffer);
+
+           }
        }
        if (SAEximDebug > 5)
        {

Marc
-- 
"A mouse is a device used to point at the xterm you want to type in" - A.S.R.
Microsoft is to operating systems & security ....
                                      .... what McDonalds is to gourmet cooking
Home page: http://marc.merlins.org/   |   Finger marc_f at merlins.org for PGP key