macro bug of sendmail 5.65

Eric Wassenaar e07 at nikhefh.nikhef.nl
Tue May 7 19:37:20 AEST 1991


In article <DEMIZU.91May4155034 at freezer.nff.ncl.omron.co.jp>, demizu at nff.ncl.omron.co.jp (DEMIZU Noritoshi) writes:
> Macros used in sendmail.cf are sometimes scratched.
> The reason is that the function define() only copies the POINTER
> to the string to memorize macro value, while the POINTER points
> to non-permanent storage.  I mean,
>     foo()
>     {
>         char buf[100];
>         strcpy(buf, "string");
>         define('h', buf, CurEnv);
>     }
> The basic idea in this patch is:
>   (1) prepare new storage and copy the string to memorize macro value.
>   (2) free old storage when redefining macro.
>   (3) stop using function newstr() in the argument of define().

At first sight, I could not locate offending code of the sort
mentioned above, i.e. where the value of the defined macro is
used outside the defining module and is stored in non-permanent
space. But I may have overlooked something.

However, the proposed patch breaks code such as in the following
example from parseaddr.c:

remotename(name, m, senderaddress, canonical)
{
	char *oldg = macvalue('g', CurEnv);

	cataddr(pvp, lbuf, sizeof lbuf);
	define('g', lbuf, CurEnv);
	expand(fancy, buf, &buf[sizeof buf - 1], CurEnv);
	define('g', oldg, CurEnv);

With the proposed patch, the storage pointed to by oldg would
be freed by the first define() and possibly reused by newstr()
inside define() so that it would be screwed up at the moment
of the second define().

Eric Wassenaar
-- 
Organization: NIKHEF-H, National Institute for Nuclear and High-Energy Physics
Address: Kruislaan 409, P.O. Box 41882, 1009 DB Amsterdam, the Netherlands
Phone: +31 20 592 0412, Home: +31 20 6909449, Telefax: +31 20 592 5155
Internet: e07 at nikhef.nl
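As an added example, not part of the original post or of sendmail's sources, the following C sketch models the save/restore pattern from remotename() against a define() that copies and frees as the patch proposes; the `macro` table, the `last_freed` address check and both restore functions are hypothetical stand-ins, and the detector works by comparing addresses so that nothing freed is ever read.

```c
/* Added example, not sendmail's code: a minimal macro table shaped like
 * sendmail's define()/macvalue(), instrumented to show why the proposed
 * "copy and free the old value" patch breaks remotename()'s save/restore. */
#define _POSIX_C_SOURCE 200809L
#include <stdint.h>
#include <stdlib.h>
#include <string.h>
static char *macro[256];      /* hypothetical stand-in for CurEnv's macro table */
static uintptr_t last_freed;  /* address most recently released by define() */

/* Patched define(): keep a private copy, release the previous value. Returns
 * -1 if 'v' is an address this function already freed (the dangling oldg the
 * original post warns about); compared by address, never dereferenced. */
int define(int n, const char *v)
{
    if (v != NULL && (uintptr_t)v == last_freed)
        return -1;
    char *copy = v ? strdup(v) : NULL;  /* copy first, so it cannot reuse the block freed next */
    last_freed = (uintptr_t)macro[n];   /* 0 when there was no previous value */
    free(macro[n]);
    macro[n] = copy;
    return 0;
}
const char *macvalue(int n) { return macro[n]; }

/* remotename()-style save/restore with a raw pointer into the table: the
 * first define() frees what oldg points at, so the restoring define() is
 * handed a dangling pointer. Returns that define()'s status (-1). */
int restore_with_raw_pointer(void)
{
    char lbuf[64] = "temporary";         /* stack buffer, like lbuf in parseaddr.c */
    define('g', "original");
    const char *oldg = macvalue('g');    /* borrowed, not owned */
    define('g', lbuf);                   /* frees the storage behind oldg */
    return define('g', oldg);            /* use after free, caught: -1 */
}

/* Safe variant: the caller duplicates the old value before redefining,
 * restores from its own copy and frees it afterwards. Returns 1 on success. */
int restore_with_copy(void)
{
    char lbuf[64] = "temporary";
    define('g', "original");
    char *oldg = strdup(macvalue('g'));  /* owned by this frame */
    define('g', lbuf);
    int ok = define('g', oldg) == 0 && strcmp(macvalue('g'), "original") == 0;
    free(oldg);
    return ok;
}
```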