Re: [Exim] verify=header_syntax Buffer overflow (CAN-2004-04…

Top Page
Delete this message
Reply to this message
Author: Nico Erfurth
Date:  
To: Andreas Metzler
CC: Exim-Users (E-mail)
Subject: Re: [Exim] verify=header_syntax Buffer overflow (CAN-2004-0400)
Andreas Metzler wrote:

> Hello,
> Afaict the broken code in src/verify.c is completely useless in exim4.
> The header name is copied to hname but the error message is generated
> from h->text and hname is ignored.


Damn, you've beaten me by 5 secs ;)

Yes, the code looks useless. Looks like Philip already wanted to fix it,
but left the broken code lying around.

> Shouldn't exim reject
>
> To        : bar@foo

>
> at east if 'verify = header_syntax' is used?


I've quickly looked over the rfc, and it's IMHO not very clear about it.

<quote>
  Header fields are lines composed of a field name, followed by a colon
    (":"), followed by a field body, and terminated by CRLF.  A field
    name MUST be composed of printable US-ASCII characters (i.e.,
    characters that have values between 33 and 126, inclusive), except
    colon.
</quote>


Nico