[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

buffer overflow with long email address



I've noticed if you send an email to a nonexistent user on your system
with a very long name:

  very_long_email_address_that_may_cause_problems@xxxxxxxxxxxxxx

You'll see an error in your log like:

---
Aug 21 00:29:24 ns01 qmail: 1061443764.043221 starting delivery 588:
msg 887828 to local
this_is_a_very_long_email_message_that_tries_to_do_a_buffer_overflow@xxxxxxxxxxxxxx
Aug 21 00:29:24 ns01 qmail: 1061443764.044467 status: local 1/10 remote
0/20
Aug 21 00:29:24 ns01 qmail: 1061443764.126071 delivery 588: deferral:
Temporary_failure_in_qmail-lspawn./
Aug 21 00:29:24 ns01 qmail: 1061443764.126822 status: local 0/10 remote
0/20
---

And to verify you could test via shell an existing user:

---
# /var/qmail/bin/qmail-getpw meuser mydomain.com  | tr '\000' '\012'
meuser
1010
1010
/home/vmail/mydomain.com/meuser


0
---

Then test the long email address:

---
# /var/qmail/bin/qmail-getpw
very_long_email_address_that_may_cause_problems mydomain.com  | tr
'\000' '\012'
[1]   Segmentation fault (core dumped) /var/qmail/bin/qmail-getpw
very_long_email_address_that_may_cause_problems mydomain.com |
      Done                    tr "\\000" "\\012"
#
---

Crash.

-Mocha

__________________________________
Do you Yahoo!?
Yahoo! SiteBuilder - Free, easy-to-use web site design software
http://sitebuilder.yahoo.com