
Re: [Nmh-workers] Segfault in post from mime quoted names in aliases


From: Ken Hornstein
Subject: Re: [Nmh-workers] Segfault in post from mime quoted names in aliases
Date: Wed, 12 Apr 2017 22:48:07 -0400

>> I think any two group-base aliases would have triggered it.
>
>That probably depends on the implementation of getgrnam(3) and
>getgrgid(3).  Perhaps some didn't rely on gr_mem not changing.

That's true, but I did encounter that on MacOS X, which uses a
BSD-derived userland.  Johan didn't say what his operating system
was, but I had guessed a Linux system.  I think everyone would agree
modifying the returned gr_mem pointer is majorly wrong!

>I thought mh-alias(5) was doing a poor job of what `=foo' does, so I
>tried to follow the code.  Here's my understanding.
>
>`=foo' calls addgroup("foo").  addgroup() tries getgrnam("foo") and, on
>failure, getgrgid(atoi("foo")); the latter is undocumented.

Ah, this IS documented, though!  From mh-alias(5):

       Alias-file and file are UNIX file names.  UNIX-group is a group name or
       number from the system's group database.

>If neither
>succeeds then an error is returned to the caller.  That may be ignored
>depending on the source of the `=foo'.

Right, but even worse ... that call always succeeds!  Well, atoi() on
random text will return '0', and getgrgid(0) will probably always
succeed.  The only way you could get that routine to fail would be to do
something like =8765 and not have it be a valid group.

>It then runs through the group's members and searches for each in the
>`homehead' list, the "in-core" /etc/passwd.  It does not call init_pw()
>first so this list may be empty.  If it finds a match then the user is
>added to the alias, else the lack of a match is ignored.  Then, even
>though we've done that search, getpwnam() is called to look up the user
>and if found then the user is added to the alias, and appended to the
>`homehead' list even though it may have already been found therein.
>Over time, `homehead' accumulates duplicates.

Urrrk ... the more I look at that code, the more it gives me headaches.
I thought I understood it, but now I don't.

It occurs to me that a group cannot start with '?', so a simple solution
would be to just treat '=?' as the start of literal text; that would take
care of any RFC-2047 encoded addresses.  And of course make sure that
random text that comes after a '=' doesn't get treated as group 0.  And
maybe we can all figure out what that code does? :-)

--Ken
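As an added illustration (my own code, not nmh's) of the two points Ken raises above: the atoi() fallback that turns arbitrary text after '=' into gid 0, next to a strict classifier that treats '=?' as literal text and only accepts an all-digit token as a gid. The enum, the function names and the all-digits rule are my assumptions; real code would still hand a NAME result to getgrnam(3) and a GID result to getgrgid(3).

```c
#include <ctype.h>
#include <errno.h>
#include <limits.h>
#include <stdlib.h>
#include <sys/types.h>

/* How the text after '=' in an alias should be handled (hypothetical names). */
enum group_ref_kind {
    GROUP_REF_LITERAL, /* "=?...": RFC 2047 encoded word, not a group at all */
    GROUP_REF_NAME,    /* candidate group name for getgrnam(3) */
    GROUP_REF_GID,     /* complete decimal gid for getgrgid(3) */
    GROUP_REF_INVALID  /* empty, trailing junk, or out of range */
};

/* The lenient fallback discussed above: atoi() on non-numeric text yields 0,
 * so any unrecognised name silently becomes gid 0 (almost always a real group). */
gid_t lenient_gid(const char *text)
{
    return (gid_t) atoi(text);
}

/* Strict classification: a leading '?' is treated as literal text (no group
 * name can start with '?'), and only an all-digit token is taken as a gid. */
enum group_ref_kind classify_group_ref(const char *text, gid_t *gid_out)
{
    char *end;
    unsigned long v;

    if (text == NULL || text[0] == '\0')
        return GROUP_REF_INVALID;
    if (text[0] == '?')
        return GROUP_REF_LITERAL;
    if (!isdigit((unsigned char) text[0]))
        return GROUP_REF_NAME;
    errno = 0;
    v = strtoul(text, &end, 10);
    if (errno != 0 || *end != '\0' || v > (unsigned long) UINT_MAX)
        return GROUP_REF_INVALID; /* "12abc", "8765 " or a huge number */
    if (gid_out != NULL)
        *gid_out = (gid_t) v;
    return GROUP_REF_GID;
}

/* The gid a strict parse yields, or (gid_t) -1 when the text is not a gid. */
gid_t strict_gid(const char *text)
{
    gid_t g = 0;
    return classify_group_ref(text, &g) == GROUP_REF_GID ? g : (gid_t) -1;
}
```

With the constructed input "?utf-8?q?Johan?=", lenient_gid() returns 0 (hence a getgrgid(0) lookup) while classify_group_ref() reports GROUP_REF_LITERAL and never touches the group database.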


