Re: [Exim] "#" on the end of email address

Página Inicial
Delete this message
Reply to this message
Autor: Matthew Frost
Data:  
Para: exim-users
CC: Rachel Moore
Assunto: Re: [Exim] "#" on the end of email address
On Fri, Aug 09, 2002 at 02:09:59PM +0100, Philip Hazel wrote:
> On Fri, 9 Aug 2002, Rachel Moore wrote:
>
> > Earlier, a user accidentally put a "#" on the end of an email
> > address in the To: field, which made Exim 3.36 do the following:
> >
> > 2002-08-09 13:10:34 queue run: process 17081 crashed with signal
> > 11 while delivering 17d8ZN-0004QP-00
>
> I cannot reproduce this trivially. Neither with nor without the use of
> -t on the Exim command line.
>
> > bash-2.05a# exim -Mrm 17d8ZN-0004QP-00
> > Bus error
>
> That suggests the spool file got screwed up.


I can do it with a simple: echo foo|exim user@???#
(Exim 3.36 by the way).

And I end up with a spool -H file that has "user@???#"
in the list of recipients list. Reading spool_in.c for Exim 4
eludes that there could be digits and special terminators after
the address (if I've got this right).

  Exim 3 type:       <address><space><digits>,<digits>,<digits>
  Exim 4 first type: <address><space><digits>
  Exim 4 new type:   <address><space><data>#<type bits>


From Exim 3.36 spool_in.c:

p = big_buffer + nn - 2;
while (isdigit((uschar)*p) || *p == ',') p--;

/* New Exim 4 style */

  if (*p == '#')
    {
    int len;
    p--;
    while (isdigit((uschar)*p) || *p == ',') p--;
    sscanf(p+1, "%d,%d", &len, &pno);
    flags = rf_onetime;
    p -= len + 1;
    *p = 0;
    }


So if I've read this right Exim 3.36 meets the # and then the "e"
from domain.example which isn't a digit or a comma, scanf's from
the # for "%d,%d" which aren't going to be there. We then
subtract len + 1 from p and poke a null there. But len is
uninitialised and so where this is is anyone's guess.

In Exim 4.10 there is a similar bit of code, but it has some more
checks and a *(--p) = 0; which if the other if statement fails
means that "user@???#" gets changed to
"user@???<NULL>#" and is unrouteable.

Regards, Matthew

--
Matthew Frost                                         http://www.frost.org/
                                                   email: matthew@???


                                                     "5 Out of screen, 10:1"