Re: [Exim] verify=header_syntax Buffer overflow (CAN-2004-04…

Author: Philip Hazel
Date:  
To: Nico Erfurth
CC: Andreas Metzler, Exim-Users (E-mail)
Subject: Re: [Exim] verify=header_syntax Buffer overflow (CAN-2004-0400)
On Thu, 6 May 2004, Nico Erfurth wrote:

> Damn, you've beaten me by 5 secs ;)


And me by about the same, only because I went out to do some important
shopping before tackling the issue. :-)

> Yes, the code looks useless. Looks like Philip already wanted to fix it,
> but left the broken code lying around.


Yup. I'm getting older... big birthday next week :-( And I do mean :-(
and not :-)

> I've quickly looked over the rfc, and it's IMHO not very clear about it.
>
> <quote>
>   Header fields are lines composed of a field name, followed by a colon
>     (":"), followed by a field body, and terminated by CRLF.  A field
>     name MUST be composed of printable US-ASCII characters (i.e.,
>     characters that have values between 33 and 126, inclusive), except
>     colon.
> </quote>


I've checked backwards. The oldest release I have is 1.62; it has the
same code. I have some older ChangeLogs, but they make no mention of any
change. So allowing spaces between the name and the colon is *very* old.

My suspicion is that Some Other MTA (tm) allows it, just like it allows
spaces between the name and the colon in alias files.

--
Philip Hazel            University of Cambridge Computing Service,
ph10@???      Cambridge, England. Phone: +44 1223 334714.
Get the Exim 4 book:    http://www.uit.co.uk/exim-book
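
The rule quoted from the RFC in this message, and the long-standing tolerance for white space between the field name and the colon that the reply describes, can be written as one length-bounded check. This is an added example, not code from Exim or from the original message; the function name, result codes and sample lines are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Result codes (hypothetical names, chosen for this example). */
enum hdr_result { HDR_OK, HDR_NO_COLON, HDR_EMPTY_NAME,
                  HDR_BAD_CHAR, HDR_WS_BEFORE_COLON };

/* Check the field name at the start of one header line.
 * line/len: the line and its length; it need not be NUL-terminated,
 *           and nothing at or beyond line[len] is read.
 * strict:   nonzero = quoted RFC rule only (33..126 except ':');
 *           zero    = also accept spaces/tabs between name and colon.
 * On HDR_OK, *name_len is the length of the field name. */
enum hdr_result check_header_name(const char *line, size_t len,
                                  int strict, size_t *name_len)
{
    size_t i = 0, n;

    /* Field name: printable US-ASCII 33..126, stopping at ':'. */
    while (i < len) {
        unsigned char c = (unsigned char)line[i];
        if (c == ':' || c < 33 || c > 126) break;
        i++;
    }
    n = i;
    /* Optional white space between the name and the colon. */
    while (i < len && (line[i] == ' ' || line[i] == '\t')) i++;

    if (i >= len) return HDR_NO_COLON;          /* input ended first */
    if (line[i] != ':') return HDR_BAD_CHAR;    /* e.g. "Sub ject:" */
    if (n == 0) return HDR_EMPTY_NAME;
    if (strict && i > n) return HDR_WS_BEFORE_COLON;
    *name_len = n;
    return HDR_OK;
}

int main(void)
{
    /* Constructed sample lines, not taken from any real message. */
    const char *s[] = { "Subject: hi", "Subject : hi", "Sub ject: x" };
    size_t k, n = 0;
    for (k = 0; k < sizeof s / sizeof s[0]; k++)
        printf("%-14s strict=%d lenient=%d\n", s[k],
               check_header_name(s[k], strlen(s[k]), 1, &n),
               check_header_name(s[k], strlen(s[k]), 0, &n));
    return 0;
}
```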