Sendmail 8.6.10 update for security problems.

Imported on CSRG/V_8_6_10 branch.

Obtained from: CSRG/Allman

usr.sbin/sendmail/src/Makefile.SunOS.5.1

@@ -0,0 +1,115 @@
+#
+#  This Makefile is designed to work on the old "make" program.  It does
+#  not use the obj subdirectory.  It also does not install documentation
+#  automatically -- think of it as a quick start for sites that have the
+#  old make program (I recommend that you get and port the new make if you
+#  are going to be doing any signficant work on sendmail).
+#
+#  This has been tested on Solaris 2.1 and 2.2.
+#
+#	@(#)Makefile.Solaris	8.5 (Berkeley) 4/12/94
+#
+
+# use O=-O (usual) or O=-g (debugging)
+# warning: do not use -O with gcc
+O=	
+
+CC=	gcc
+
+# define the database mechanism used for alias lookups:
+#	-DNDBM -- use new DBM
+#	-DNEWDB -- use new Berkeley DB
+#	-DNIS -- include NIS support
+# The really old (V7) DBM library is no longer supported.
+# See READ_ME for a description of how these flags interact.
+#
+DBMDEF=	-DNDBM -DNIS
+
+# environment definitions (e.g., -D_AIX3)
+# include -DSOLARIS_2_3 for version 2.3 and higher
+ENVDEF=	-DSOLARIS
+
+# see also conf.h for additional compilation flags
+
+# include directories
+INCDIRS=-I/usr/sww/include/db
+
+# library directories
+LIBDIRS=-L/usr/sww/lib
+
+# libraries required on your system
+LIBS=	-lresolv -lsocket -lnsl -lelf
+
+# location of sendmail binary (usually /usr/sbin or /usr/lib)
+BINDIR=	${DESTDIR}/usr/lib
+
+# location of sendmail.st file (usually /var/log or /usr/lib)
+STDIR=	${DESTDIR}/var/log
+
+# location of sendmail.hf file (usually /usr/share/misc or /usr/lib)
+HFDIR=	${DESTDIR}/etc/mail
+
+# additional .o files needed
+OBJADD=
+
+# things to be made before compilation begins
+BEFORE=	sysexits.h
+
+###################  end of user configuration flags  ######################
+
+CFLAGS=	-I. $O ${INCDIRS} ${DBMDEF} ${ENVDEF}
+
+OBJS=	alias.o arpadate.o clock.o collect.o conf.o convtime.o daemon.o \
+	deliver.o domain.o envelope.o err.o headers.o macro.o main.o \
+	map.o mci.o parseaddr.o queue.o readcf.o recipient.o \
+	savemail.o srvrsmtp.o stab.o stats.o sysexits.o \
+	trace.o udb.o usersmtp.o util.o version.o ${OBJADD}
+
+LINKS=	${DESTDIR}/usr/ucb/newaliases ${DESTDIR}/usr/ucb/mailq
+BINOWN=	root
+BINGRP=	sys
+BINMODE=6555
+INSTALL=/usr/ucb/install
+
+ALL=	sendmail aliases.0 mailq.0 newaliases.0 sendmail.0
+
+all: ${ALL}
+
+sendmail: ${BEFORE} ${OBJS}
+	${CC} -o sendmail ${OBJS} ${LIBDIRS} ${LIBS}
+
+sysexits.h: /usr/ucbinclude/sysexits.h
+	ln -s /usr/ucbinclude/sysexits.h
+
+NROFF=	nroff -h
+
+aliases.0: aliases.5
+	${NROFF} -mandoc aliases.5 > aliases.0
+
+mailq.0: mailq.1
+	${NROFF} -mandoc mailq.1 > mailq.0
+
+newaliases.0: newaliases.1
+	${NROFF} -mandoc newaliases.1 > newaliases.0
+
+sendmail.0: sendmail.8
+	${NROFF} -mandoc sendmail.8 > sendmail.0
+
+install: install-sendmail install-docs
+
+install-sendmail: sendmail
+	${INSTALL} -o ${BINOWN} -g ${BINGRP} -m ${BINMODE} sendmail ${BINDIR}
+	for i in ${LINKS}; do rm -f $$i; ln -s ${BINDIR}/sendmail $$i; done
+	${INSTALL} -c -o ${BINOWN} -g ${BINGRP} -m 644 /dev/null \
+	    ${STDIR}/sendmail.st
+	${INSTALL} -c -o ${BINOWN} -g ${BINGRP} -m 444 sendmail.hf ${HFDIR}
+
+# doesn't actually install them -- you may want to install pre-nroff versions
+install-docs: aliases.0 mailq.0 newaliases.0 sendmail.0
+
+clean:
+	rm -f ${OBJS} sendmail aliases.0 mailq.0 newaliases.0 sendmail.0
+
+# dependencies
+#   gross overkill, and yet still not quite enough....
+${OBJS}: sendmail.h conf.h

usr.sbin/sendmail/src/Makefile.SunOS.5.2

@@ -0,0 +1,115 @@
+#
+#  This Makefile is designed to work on the old "make" program.  It does
+#  not use the obj subdirectory.  It also does not install documentation
+#  automatically -- think of it as a quick start for sites that have the
+#  old make program (I recommend that you get and port the new make if you
+#  are going to be doing any signficant work on sendmail).
+#
+#  This has been tested on Solaris 2.1 and 2.2.
+#
+#	@(#)Makefile.Solaris	8.5 (Berkeley) 4/12/94
+#
+
+# use O=-O (usual) or O=-g (debugging)
+# warning: do not use -O with gcc
+O=	
+
+CC=	gcc
+
+# define the database mechanism used for alias lookups:
+#	-DNDBM -- use new DBM
+#	-DNEWDB -- use new Berkeley DB
+#	-DNIS -- include NIS support
+# The really old (V7) DBM library is no longer supported.
+# See READ_ME for a description of how these flags interact.
+#
+DBMDEF=	-DNDBM -DNIS
+
+# environment definitions (e.g., -D_AIX3)
+# include -DSOLARIS_2_3 for version 2.3 and higher
+ENVDEF=	-DSOLARIS
+
+# see also conf.h for additional compilation flags
+
+# include directories
+INCDIRS=-I/usr/sww/include/db
+
+# library directories
+LIBDIRS=-L/usr/sww/lib
+
+# libraries required on your system
+LIBS=	-lresolv -lsocket -lnsl -lelf
+
+# location of sendmail binary (usually /usr/sbin or /usr/lib)
+BINDIR=	${DESTDIR}/usr/lib
+
+# location of sendmail.st file (usually /var/log or /usr/lib)
+STDIR=	${DESTDIR}/var/log
+
+# location of sendmail.hf file (usually /usr/share/misc or /usr/lib)
+HFDIR=	${DESTDIR}/etc/mail
+
+# additional .o files needed
+OBJADD=
+
+# things to be made before compilation begins
+BEFORE=	sysexits.h
+
+###################  end of user configuration flags  ######################
+
+CFLAGS=	-I. $O ${INCDIRS} ${DBMDEF} ${ENVDEF}
+
+OBJS=	alias.o arpadate.o clock.o collect.o conf.o convtime.o daemon.o \
+	deliver.o domain.o envelope.o err.o headers.o macro.o main.o \
+	map.o mci.o parseaddr.o queue.o readcf.o recipient.o \
+	savemail.o srvrsmtp.o stab.o stats.o sysexits.o \
+	trace.o udb.o usersmtp.o util.o version.o ${OBJADD}
+
+LINKS=	${DESTDIR}/usr/ucb/newaliases ${DESTDIR}/usr/ucb/mailq
+BINOWN=	root
+BINGRP=	sys
+BINMODE=6555
+INSTALL=/usr/ucb/install
+
+ALL=	sendmail aliases.0 mailq.0 newaliases.0 sendmail.0
+
+all: ${ALL}
+
+sendmail: ${BEFORE} ${OBJS}
+	${CC} -o sendmail ${OBJS} ${LIBDIRS} ${LIBS}
+
+sysexits.h: /usr/ucbinclude/sysexits.h
+	ln -s /usr/ucbinclude/sysexits.h
+
+NROFF=	nroff -h
+
+aliases.0: aliases.5
+	${NROFF} -mandoc aliases.5 > aliases.0
+
+mailq.0: mailq.1
+	${NROFF} -mandoc mailq.1 > mailq.0
+
+newaliases.0: newaliases.1
+	${NROFF} -mandoc newaliases.1 > newaliases.0
+
+sendmail.0: sendmail.8
+	${NROFF} -mandoc sendmail.8 > sendmail.0
+
+install: install-sendmail install-docs
+
+install-sendmail: sendmail
+	${INSTALL} -o ${BINOWN} -g ${BINGRP} -m ${BINMODE} sendmail ${BINDIR}
+	for i in ${LINKS}; do rm -f $$i; ln -s ${BINDIR}/sendmail $$i; done
+	${INSTALL} -c -o ${BINOWN} -g ${BINGRP} -m 644 /dev/null \
+	    ${STDIR}/sendmail.st
+	${INSTALL} -c -o ${BINOWN} -g ${BINGRP} -m 444 sendmail.hf ${HFDIR}
+
+# doesn't actually install them -- you may want to install pre-nroff versions
+install-docs: aliases.0 mailq.0 newaliases.0 sendmail.0
+
+clean:
+	rm -f ${OBJS} sendmail aliases.0 mailq.0 newaliases.0 sendmail.0
+
+# dependencies
+#   gross overkill, and yet still not quite enough....
+${OBJS}: sendmail.h conf.h

usr.sbin/sendmail/src/aliases

@@ -0,0 +1,53 @@
+#
+#	@(#)aliases	8.2 (Berkeley) 3/5/94
+#
+#  Aliases in this file will NOT be expanded in the header from
+#  Mail, but WILL be visible over networks or from /bin/mail.
+#
+#	>>>>>>>>>>	The program "newaliases" must be run after
+#	>> NOTE >>	this file is updated for any changes to
+#	>>>>>>>>>>	show through to sendmail.
+#
+
+# Basic system aliases -- these MUST be present.
+MAILER-DAEMON:	postmaster
+postmaster:	root
+
+# General redirections for pseudo accounts.
+bin:		root
+daemon:		root
+games:		root
+ingres:		root
+nobody:		root
+system:		root
+toor:		root
+uucp:		root
+
+# Well-known aliases.
+manager:	root
+dumper:		root
+operator:	root
+
+# trap decode to catch security attacks
+decode:		root
+
+# OFFICIAL CSRG/BUG ADDRESSES
+
+# Ftp maintainer.
+ftp: ftp-bugs
+ftp-bugs: bigbug@cs.berkeley.edu
+
+# Distribution office.
+bsd-dist: bsd-dist@cs.berkeley.edu
+
+# Fortune maintainer.
+fortune: fortune@cs.berkeley.edu
+
+# Termcap maintainer.
+termcap: termcap@cs.berkeley.edu
+
+# General bug address.
+ucb-fixes: bigbug@cs.berkeley.edu
+ucb-fixes-request: bigbug@cs.berkeley.edu
+bugs: bugs@cs.berkeley.edu
+# END OFFICIAL BUG ADDRESSES

usr.sbin/sendmail/src/cdefs.h

@@ -0,0 +1,123 @@
+/*
+ * Copyright (c) 1991, 1993
+ *	The Regents of the University of California.  All rights reserved.
+ *
+ * This code is derived from software contributed to Berkeley by
+ * Berkeley Software Design, Inc.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *	This product includes software developed by the University of
+ *	California, Berkeley and its contributors.
+ * 4. Neither the name of the University nor the names of its contributors
+ *    may be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ *	@(#)cdefs.h	8.8 (Berkeley) 1/9/95
+ */
+
+#ifndef	_CDEFS_H_
+#define	_CDEFS_H_
+
+#if defined(__cplusplus)
+#define	__BEGIN_DECLS	extern "C" {
+#define	__END_DECLS	};
+#else
+#define	__BEGIN_DECLS
+#define	__END_DECLS
+#endif
+
+/*
+ * The __CONCAT macro is used to concatenate parts of symbol names, e.g.
+ * with "#define OLD(foo) __CONCAT(old,foo)", OLD(foo) produces oldfoo.
+ * The __CONCAT macro is a bit tricky -- make sure you don't put spaces
+ * in between its arguments.  __CONCAT can also concatenate double-quoted
+ * strings produced by the __STRING macro, but this only works with ANSI C.
+ */
+#if defined(__STDC__) || defined(__cplusplus)
+#define	__P(protos)	protos		/* full-blown ANSI C */
+#define	__CONCAT(x,y)	x ## y
+#define	__STRING(x)	#x
+
+#define	__const		const		/* define reserved names to standard */
+#define	__signed	signed
+#define	__volatile	volatile
+#if defined(__cplusplus)
+#define	__inline	inline		/* convert to C++ keyword */
+#else
+#ifndef __GNUC__
+#define	__inline			/* delete GCC keyword */
+#endif /* !__GNUC__ */
+#endif /* !__cplusplus */
+
+#else	/* !(__STDC__ || __cplusplus) */
+#define	__P(protos)	()		/* traditional C preprocessor */
+#define	__CONCAT(x,y)	x/**/y
+#define	__STRING(x)	"x"
+
+#ifndef __GNUC__
+#define	__const				/* delete pseudo-ANSI C keywords */
+#define	__inline
+#define	__signed
+#define	__volatile
+/*
+ * In non-ANSI C environments, new programs will want ANSI-only C keywords
+ * deleted from the program and old programs will want them left alone.
+ * When using a compiler other than gcc, programs using the ANSI C keywords
+ * const, inline etc. as normal identifiers should define -DNO_ANSI_KEYWORDS.
+ * When using "gcc -traditional", we assume that this is the intent; if
+ * __GNUC__ is defined but __STDC__ is not, we leave the new keywords alone.
+ */
+#ifndef	NO_ANSI_KEYWORDS
+#define	const				/* delete ANSI C keywords */
+#define	inline
+#define	signed
+#define	volatile
+#endif
+#endif	/* !__GNUC__ */
+#endif	/* !(__STDC__ || __cplusplus) */
+
+/*
+ * GCC1 and some versions of GCC2 declare dead (non-returning) and
+ * pure (no side effects) functions using "volatile" and "const";
+ * unfortunately, these then cause warnings under "-ansi -pedantic".
+ * GCC2 uses a new, peculiar __attribute__((attrs)) style.  All of
+ * these work for GNU C++ (modulo a slight glitch in the C++ grammar
+ * in the distribution version of 2.5.5).
+ */
+#if !defined(__GNUC__) || __GNUC__ < 2 || \
+	(__GNUC__ == 2 && __GNUC_MINOR__ < 5)
+#define	__attribute__(x)	/* delete __attribute__ if non-gcc or gcc1 */
+#if defined(__GNUC__) && !defined(__STRICT_ANSI__)
+#define	__dead		__volatile
+#define	__pure		__const
+#endif
+#endif
+
+/* Delete pseudo-keywords wherever they are not available or needed. */
+#ifndef __dead
+#define	__dead
+#define	__pure
+#endif
+
+#endif /* !_CDEFS_H_ */

usr.sbin/sendmail/src/daemon.c

@@ -37,9 +37,9 @@
 
 #ifndef lint
 #ifdef DAEMON
-static char sccsid[] = "@(#)daemon.c	8.48 (Berkeley) 4/18/94 (with daemon mode)";
+static char sccsid[] = "@(#)daemon.c	8.48.1.2 (Berkeley) 2/9/95 (with daemon mode)";
 #else
-static char sccsid[] = "@(#)daemon.c	8.48 (Berkeley) 4/18/94 (without daemon mode)";
+static char sccsid[] = "@(#)daemon.c	8.48.1.2 (Berkeley) 2/9/95 (without daemon mode)";
 #endif
 #endif /* not lint */
 
@@ -1122,9 +1122,11 @@ getauthinfo(fd)
 	while (isascii(*++p) && isspace(*p))
 		continue;
 
-	/* p now points to the authenticated name */
-	(void) sprintf(hbuf, "%s@%s",
-		p, RealHostName == NULL ? "localhost" : RealHostName);
+	/* p now points to the authenticated name -- copy carefully */
+	cleanstrcpy(hbuf, p, MAXNAME);
+	i = strlen(hbuf);
+	hbuf[i++] = '@';
+	strcpy(&hbuf[i], RealHostName == NULL ? "localhost" : RealHostName);
 	goto finish;
 
 closeident:
@@ -1406,9 +1408,6 @@ hostnamebyanyaddr(sap)
 	int saveretry;
 
 #if NAMED_BIND
-	/* need to make sure _res.retry is initialized before using it */
-	if ((_res.options & RES_INIT) == 0)
-		res_init();
 	/* shorten name server timeout to avoid higher level timeouts */
 	saveretry = _res.retry;
 	_res.retry = 3;

usr.sbin/sendmail/src/deliver.c

@@ -33,7 +33,7 @@
  */
 
 #ifndef lint
-static char sccsid[] = "@(#)deliver.c	8.82 (Berkeley) 4/18/94";
+static char sccsid[] = "@(#)deliver.c	8.84.1.1 (Berkeley) 2/10/95";
 #endif /* not lint */
 
 #include "sendmail.h"
@@ -124,6 +124,7 @@ sendall(e, mode)
 	if (e->e_hopcount > MaxHopCount)
 	{
 		errno = 0;
+		queueup(e, TRUE, announcequeueup);
 		e->e_flags |= EF_FATALERRS|EF_PM_NOTIFY|EF_CLRQUEUE;
 		syserr("554 too many hops %d (%d max): from %s via %s, to %s",
 			e->e_hopcount, MaxHopCount, e->e_from.q_paddr,
@@ -950,7 +951,7 @@ deliver(e, firstto)
 	}
 	errno = 0;
 
-	CurHostName = host;
+	CurHostName = m->m_mailer;
 
 	/*
 	**  Deal with the special case of mail handled through an IPC
@@ -1005,7 +1006,7 @@ deliver(e, firstto)
 		if (curhost == NULL || curhost[0] == '\0')
 		{
 			syserr("null host signature for %s", pv[1]);
-			rcode = EX_OSERR;
+			rcode = EX_CONFIG;
 			goto give_up;
 		}
 
@@ -1726,7 +1727,7 @@ giveresponse(stat, m, mci, ctladdr, e)
 	else if (stat == EX_NOHOST && h_errno != 0)
 	{
 		statmsg = errstring(h_errno + E_DNSBASE);
-		(void) sprintf(buf, "%s (%s)", SysExMsg[i], statmsg);
+		(void) sprintf(buf, "%s (%s)", SysExMsg[i] + 1, statmsg);
 		statmsg = buf;
 	}
 #endif
@@ -1754,8 +1755,11 @@ giveresponse(stat, m, mci, ctladdr, e)
 	}
 	else
 	{
+		char mbuf[8];
+
 		Errors++;
-		usrerr(statmsg, errstring(errno));
+		sprintf(mbuf, "%.3s %%s", statmsg);
+		usrerr(mbuf, &statmsg[4]);
 	}
 
 	/*
@@ -1770,7 +1774,7 @@ giveresponse(stat, m, mci, ctladdr, e)
 
 	if (tTd(11, 2))
 		printf("giveresponse: stat=%d, e->e_message=%s\n",
-			stat, e->e_message);
+			stat, e->e_message == NULL ? "<NULL>" : e->e_message);
 
 	if (stat != EX_TEMPFAIL)
 		setstat(stat);

usr.sbin/sendmail/src/main.c

@@ -39,7 +39,7 @@ static char copyright[] =
 #endif /* not lint */
 
 #ifndef lint
-static char sccsid[] = "@(#)main.c	8.55 (Berkeley) 4/15/94";
+static char sccsid[] = "@(#)main.c	8.55.1.3 (Berkeley) 2/10/95";
 #endif /* not lint */
 
 #define	_DEFINE
@@ -463,7 +463,11 @@ main(argc, argv, envp)
 			break;
 
 		  case 'B':	/* body type */
-			CurEnv->e_bodytype = newstr(optarg);
+			if (strcasecmp(optarg, "7bit") == 0 ||
+			    strcasecmp(optarg, "8bitmime") == 0)
+				CurEnv->e_bodytype = newstr(optarg);
+			else
+				usrerr("Illegal body type %s", optarg);
 			break;
 
 		  case 'C':	/* select configuration file (already done) */
@@ -486,7 +490,7 @@ main(argc, argv, envp)
 				ExitStat = EX_USAGE;
 				break;
 			}
-			from = newstr(optarg);
+			from = newstr(denlstring(optarg));
 			if (strcmp(RealUserName, from) != 0)
 				warn_f_flag = j;
 			break;
@@ -516,11 +520,21 @@ main(argc, argv, envp)
 		  case 'p':	/* set protocol */
 			p = strchr(optarg, ':');
 			if (p != NULL)
+			{
 				*p++ = '\0';
+				if (*p != '\0')
+				{
+					ep = xalloc(strlen(p) + 1);
+					cleanstrcpy(ep, p, MAXNAME);
+					define('s', ep, CurEnv);
+				}
+			}
 			if (*optarg != '\0')
-				define('r', newstr(optarg), CurEnv);
-			if (p != NULL && *p != '\0')
-				define('s', newstr(p), CurEnv);
+			{
+				ep = xalloc(strlen(optarg) + 1);
+				cleanstrcpy(ep, optarg, MAXNAME);
+				define('r', ep, CurEnv);
+			}
 			break;
 
 		  case 'q':	/* run queue files at intervals */
@@ -714,6 +728,10 @@ main(argc, argv, envp)
 		break;
 	}
 
+	/* full names can't have newlines */
+	if (FullName != NULL && strchr(FullName, '\n') != NULL)
+		FullName = newstr(denlstring(FullName));
+
 	/* do heuristic mode adjustment */
 	if (Verbose)
 	{

usr.sbin/sendmail/src/map.c

@@ -33,7 +33,7 @@
  */
 
 #ifndef lint
-static char sccsid[] = "@(#)map.c	8.25 (Berkeley) 4/17/94";
+static char sccsid[] = "@(#)map.c	8.25.1.1 (Berkeley) 2/10/95";
 #endif /* not lint */
 
 #include "sendmail.h"
@@ -189,20 +189,13 @@ map_parseargs(map, ap)
 **		av -- arguments to interpolate into buf.
 **
 **	Returns:
-**		Pointer to rewritten result.
+**		Pointer to rewritten result.  This is static data that
+**		should be copied if it is to be saved!
 **
 **	Side Effects:
 **		none.
 */
 
-struct rwbuf
-{
-	int	rwb_len;	/* size of buffer */
-	char	*rwb_buf;	/* ptr to buffer */
-};
-
-struct rwbuf	RwBufs[2];	/* buffers for rewriting output */
-
 char *
 map_rewrite(map, s, slen, av)
 	register MAP *map;
@@ -214,9 +207,10 @@ map_rewrite(map, s, slen, av)
 	register char c;
 	char **avp;
 	register char *ap;
-	register struct rwbuf *rwb;
 	int i;
 	int len;
+	static int buflen = -1;
+	static char *buf = NULL;
 
 	if (tTd(39, 1))
 	{
@@ -231,10 +225,6 @@ map_rewrite(map, s, slen, av)
 		printf("\n");
 	}
 
-	rwb = RwBufs;
-	if (av == NULL)
-		rwb++;
-
 	/* count expected size of output (can safely overestimate) */
 	i = len = slen;
 	if (av != NULL)
@@ -258,16 +248,16 @@ map_rewrite(map, s, slen, av)
 	}
 	if (map->map_app != NULL)
 		len += strlen(map->map_app);
-	if (rwb->rwb_len < ++len)
+	if (buflen < ++len)
 	{
 		/* need to malloc additional space */
-		rwb->rwb_len = len;
-		if (rwb->rwb_buf != NULL)
-			free(rwb->rwb_buf);
-		rwb->rwb_buf = xalloc(rwb->rwb_len);
+		buflen = len;
+		if (buf != NULL)
+			free(buf);
+		buf = xalloc(buflen);
 	}
 
-	bp = rwb->rwb_buf;
+	bp = buf;
 	if (av == NULL)
 	{
 		bcopy(s, bp, slen);
@@ -307,8 +297,8 @@ map_rewrite(map, s, slen, av)
 	else
 		*bp = '\0';
 	if (tTd(39, 1))
-		printf("map_rewrite => %s\n", rwb->rwb_buf);
-	return rwb->rwb_buf;
+		printf("map_rewrite => %s\n", buf);
+	return buf;
 }
 /*
 **  INITMAPS -- initialize for aliasing

usr.sbin/sendmail/src/mci.c

@@ -33,7 +33,7 @@
  */
 
 #ifndef lint
-static char sccsid[] = "@(#)mci.c	8.13 (Berkeley) 4/12/94";
+static char sccsid[] = "@(#)mci.c	8.14 (Berkeley) 5/15/94";
 #endif /* not lint */
 
 #include "sendmail.h"
@@ -83,18 +83,17 @@ mci_cache(mci)
 	register MCI **mcislot;
 	extern MCI **mci_scan();
 
-	if (MaxMciCache <= 0)
-	{
-		/* we don't support caching */
-		return;
-	}
-
 	/*
 	**  Find the best slot.  This may cause expired connections
 	**  to be closed.
 	*/
 
 	mcislot = mci_scan(mci);
+	if (mcislot == NULL)
+	{
+		/* we don't support caching */
+		return;
+	}
 
 	/* if this is already cached, we are done */
 	if (bitset(MCIF_CACHED, mci->mci_flags))
@@ -136,6 +135,12 @@ mci_scan(savemci)
 	register MCI *mci;
 	register int i;
 
+	if (MaxMciCache <= 0)
+	{
+		/* we don't support caching */
+		return NULL;
+	}
+
 	if (MciCache == NULL)
 	{
 		/* first call */
@@ -267,6 +272,7 @@ mci_get(host, m)
 {
 	register MCI *mci;
 	register STAB *s;
+	extern MCI **mci_scan();
 
 #ifdef DAEMON
 	extern SOCKADDR CurHostAddr;
@@ -276,7 +282,7 @@ mci_get(host, m)
 #endif
 
 	/* clear out any expired connections */
-	mci_scan(NULL);
+	(void) mci_scan(NULL);
 
 	if (m->m_mno < 0)
 		syserr("negative mno %d (%s)", m->m_mno, m->m_name);

usr.sbin/sendmail/src/queue.c

@@ -36,9 +36,9 @@
 
 #ifndef lint
 #ifdef QUEUE
-static char sccsid[] = "@(#)queue.c	8.41 (Berkeley) 4/18/94 (with queueing)";
+static char sccsid[] = "@(#)queue.c	8.41.1.1 (Berkeley) 2/10/95 (with queueing)";
 #else
-static char sccsid[] = "@(#)queue.c	8.41 (Berkeley) 4/18/94 (without queueing)";
+static char sccsid[] = "@(#)queue.c	8.41.1.1 (Berkeley) 2/10/95 (without queueing)";
 #endif
 #endif /* not lint */
 
@@ -210,7 +210,7 @@ queueup(e, queueall, announce)
 
 	/* message from envelope, if it exists */
 	if (e->e_message != NULL)
-		fprintf(tfp, "M%s\n", e->e_message);
+		fprintf(tfp, "M%s\n", denlstring(e->e_message));
 
 	/* send various flag bits through */
 	p = buf;
@@ -224,14 +224,14 @@ queueup(e, queueall, announce)
 
 	/* $r and $s and $_ macro values */
 	if ((p = macvalue('r', e)) != NULL)
-		fprintf(tfp, "$r%s\n", p);
+		fprintf(tfp, "$r%s\n", denlstring(p));
 	if ((p = macvalue('s', e)) != NULL)
-		fprintf(tfp, "$s%s\n", p);
+		fprintf(tfp, "$s%s\n", denlstring(p));
 	if ((p = macvalue('_', e)) != NULL)
-		fprintf(tfp, "$_%s\n", p);
+		fprintf(tfp, "$_%s\n", denlstring(p));
 
 	/* output name of sender */
-	fprintf(tfp, "S%s\n", e->e_from.q_paddr);
+	fprintf(tfp, "S%s\n", denlstring(e->e_from.q_paddr));
 
 	/* output list of error recipients */
 	printctladdr(NULL, NULL);
@@ -240,7 +240,7 @@ queueup(e, queueall, announce)
 		if (!bitset(QDONTSEND|QBADADDR, q->q_flags))
 		{
 			printctladdr(q, tfp);
-			fprintf(tfp, "E%s\n", q->q_paddr);
+			fprintf(tfp, "E%s\n", denlstring(q->q_paddr));
 		}
 	}
 
@@ -251,7 +251,7 @@ queueup(e, queueall, announce)
 		    (queueall && !bitset(QDONTSEND|QBADADDR|QSENT, q->q_flags)))
 		{
 			printctladdr(q, tfp);
-			fprintf(tfp, "R%s\n", q->q_paddr);
+			fprintf(tfp, "R%s\n", denlstring(q->q_paddr));
 			if (announce)
 			{
 				e->e_to = q->q_paddr;
@@ -427,7 +427,7 @@ printctladdr(a, tfp)
 	else
 		uname = pw->pw_name;
 
-	fprintf(tfp, "C%s:%s\n", uname, a->q_paddr);
+	fprintf(tfp, "C%s:%s\n", uname, denlstring(a->q_paddr));
 }
 
 /*

usr.sbin/sendmail/src/readcf.c

@@ -33,7 +33,7 @@
  */
 
 #ifndef lint
-static char sccsid[] = "@(#)readcf.c	8.23 (Berkeley) 3/18/94";
+static char sccsid[] = "@(#)readcf.c	8.23.1.2 (Berkeley) 2/10/95";
 #endif /* not lint */
 
 # include "sendmail.h"
@@ -1300,7 +1300,10 @@ setoption(opt, val, safe, sticky, e)
 		break;
 
 	  case 'M':		/* define macro */
-		define(val[0], newstr(&val[1]), CurEnv);
+		p = newstr(&val[1]);
+		if (!safe)
+			cleanstrcpy(p, p, MAXNAME);
+		define(val[0], p, CurEnv);
 		sticky = FALSE;
 		break;
 

usr.sbin/sendmail/src/recipient.c

@@ -33,7 +33,7 @@
  */
 
 #ifndef lint
-static char sccsid[] = "@(#)recipient.c	8.44 (Berkeley) 2/28/94";
+static char sccsid[] = "@(#)recipient.c	8.44.1.4 (Berkeley) 2/20/95";
 #endif /* not lint */
 
 # include "sendmail.h"
@@ -75,7 +75,10 @@ sendtolist(list, ctladdr, sendq, e)
 	bool firstone;		/* set on first address sent */
 	char delimiter;		/* the address delimiter */
 	int naddrs;
+	int i;
 	char *oldto = e->e_to;
+	char *bufp;
+	char buf[MAXNAME + 1];
 
 	if (list == NULL)
 	{
@@ -102,7 +105,15 @@ sendtolist(list, ctladdr, sendq, e)
 	al = NULL;
 	naddrs = 0;
 
-	for (p = list; *p != '\0'; )
+	/* make sure we have enough space to copy the string */
+	i = strlen(list) + 1;
+	if (i <= sizeof buf)
+		bufp = buf;
+	else
+		bufp = xalloc(i);
+	strcpy(bufp, denlstring(list));
+
+	for (p = bufp; *p != '\0'; )
 	{
 		auto char *delimptr;
 		register ADDRESS *a;
@@ -143,6 +154,8 @@ sendtolist(list, ctladdr, sendq, e)
 	}
 
 	e->e_to = oldto;
+	if (bufp != buf)
+		free(bufp);
 	return (naddrs);
 }
 /*

usr.sbin/sendmail/src/savemail.c

@@ -33,7 +33,7 @@
  */
 
 #ifndef lint
-static char sccsid[] = "@(#)savemail.c	8.28 (Berkeley) 3/11/94";
+static char sccsid[] = "@(#)savemail.c	8.29 (Berkeley) 5/10/94";
 #endif /* not lint */
 
 # include "sendmail.h"
@@ -521,7 +521,7 @@ returntosender(msg, returnq, sendbody, e)
 			e->e_id, ee->e_id, msg);
 # endif
 
-	(void) sprintf(buf, "Returned mail: %s", msg);
+	(void) sprintf(buf, "Returned mail: %.*s", sizeof buf - 20, msg);
 	addheader("Subject", buf, ee);
 	if (SendMIMEErrors)
 	{

usr.sbin/sendmail/src/sendmail.h

@@ -31,7 +31,7 @@
  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  * SUCH DAMAGE.
  *
- *	@(#)sendmail.h	8.43 (Berkeley) 4/14/94
+ *	@(#)sendmail.h	8.43.1.1 (Berkeley) 2/10/95
  */
 
 /*
@@ -41,7 +41,7 @@
 # ifdef _DEFINE
 # define EXTERN
 # ifndef lint
-static char SmailSccsId[] =	"@(#)sendmail.h	8.43		4/14/94";
+static char SmailSccsId[] =	"@(#)sendmail.h	8.43.1.1		2/10/95";
 # endif
 # else /*  _DEFINE */
 # define EXTERN extern
@@ -956,6 +956,7 @@ extern sigfunc_t	setsignal __P((int, sigfunc_t));
 extern char		*shortenstring __P((char *, int));
 extern bool		usershellok __P((char *));
 extern void		commaize __P((HDR *, char *, int, MCI *, ENVELOPE *));
+extern char		*denlstring __P((char *));
 
 /* ellipsis is a different case though */
 #ifdef __STDC__

usr.sbin/sendmail/src/util.c

@@ -33,7 +33,7 @@
  */
 
 #ifndef lint
-static char sccsid[] = "@(#)util.c	8.39 (Berkeley) 4/14/94";
+static char sccsid[] = "@(#)util.c	8.39.1.2 (Berkeley) 2/10/95";
 #endif /* not lint */
 
 # include "sendmail.h"
@@ -1465,3 +1465,83 @@ shortenstring(s, m)
 	strcpy(buf + m + 3, s + l - m);
 	return buf;
 }
+/*
+**  CLEANSTRCPY -- copy string keeping out bogus characters
+**
+**	Parameters:
+**		t -- "to" string.
+**		f -- "from" string.
+**		l -- length of space available in "to" string.
+**
+**	Returns:
+**		none.
+*/
+
+void
+cleanstrcpy(t, f, l)
+	register char *t;
+	register char *f;
+	int l;
+{
+#ifdef LOG
+	/* check for newlines and log if necessary */
+	(void) denlstring(f);
+#endif
+
+	l--;
+	while (l > 0 && *f != '\0')
+	{
+		if (isascii(*f) &&
+		    (isalnum(*f) || strchr("!#$%&'*+-./^_`{|}~", *f) != NULL))
+		{
+			l--;
+			*t++ = *f;
+		}
+		f++;
+	}
+	*t = '\0';
+}
+/*
+**  DENLSTRING -- convert newlines in a string to spaces
+**
+**	Parameters:
+**		s -- the input string
+**
+**	Returns:
+**		A pointer to a version of the string with newlines
+**		mapped to spaces.  This should be copied.
+*/
+
+char *
+denlstring(s)
+	char *s;
+{
+	register char *p;
+	int l;
+	static char *bp = NULL;
+	static int bl = 0;
+
+	if (strchr(s, '\n') == NULL)
+		return s;
+
+	l = strlen(s) + 1;
+	if (bl < l)
+	{
+		/* allocate more space */
+		if (bp != NULL)
+			free(bp);
+		bp = xalloc(l);
+		bl = l;
+	}
+	strcpy(bp, s);
+	for (p = bp; (p = strchr(p, '\n')) != NULL; )
+		*p++ = ' ';
+
+#ifdef LOG
+	p = macvalue('_', CurEnv);
+	syslog(LOG_ALERT, "POSSIBLE ATTACK from %s: newline in string \"%s\"",
+		p == NULL ? "[UNKNOWN]" : p, bp);
+#endif
+
+	return bp;
+}

usr.sbin/sendmail/src/version.c

@@ -33,7 +33,7 @@
  */
 
 #ifndef lint
-static char sccsid[] = "@(#)version.c	8.6.9.1 (Berkeley) 4/18/94";
+static char sccsid[] = "@(#)version.c	8.6.10.1 (Berkeley) 2/7/95";
 #endif /* not lint */
 
-char	Version[] = "8.6.9";
+char	Version[] = "8.6.10";