Merge sendmail 8.6.11 patches into CSRG branch

10 files changed, 111 insertions, 35 deletions

diff --git a/usr.sbin/sendmail/RELEASE_NOTES b/usr.sbin/sendmail/RELEASE_NOTES
index 2dc511694658..1205776d89d0 100644
--- a/usr.sbin/sendmail/RELEASE_NOTES
+++ b/usr.sbin/sendmail/RELEASE_NOTES
@@ -1,10 +1,45 @@
 			SENDMAIL RELEASE NOTES
-	     @(#)RELEASE_NOTES	8.6.10.2 (Berkeley) 2/10/95
+	     @(#)RELEASE_NOTES	8.6.11.1 (Berkeley) 3/8/95
 
 This listing shows the version of the sendmail binary, the version
 of the sendmail configuration files, the date of release, and a
 summary of the changes in that release.
 
+8.6.11/8.6.11	95/03/08
+	The ``possible attack'' message would be logged more often
+		than necessary if you are using Pine as a user agent.
+	The wrong host would be reported in the ``possible attack''
+		message when attempted from IDENT.
+	In some cases the syslog buffer could be overflowed when
+		reporting the ``possible attack'' message.  This can
+		cause denial of service attacks.  Truncate the message
+		to 80 characters to prevent this problem.
+	When reading the IDENT response a loop is needed around the
+		read from the network to ensure that you don't get
+		partial lines.
+	Password entries without any shell listed (that is, a null
+		shell) wouldn't match as "ok".  Problem noted by
+		Rob McMahon.
+	When running BIND 4.9.x a problem could occur because the
+		_res.options field is initialized differently than it
+		was historically -- this requires that sendmail call
+		res_init before it tweaks any bits.
+	Fix an incompatibility in openxscript() between the file open mode
+		and the stdio mode passed to fdopen.  This caused UnixWare
+		2.0 to have conniptions.  Fix from Martin Sohnius of
+		Novell Labs Europe.
+	Fix problem with static linking of local getopt routine when
+		using GNU's ld command.  Fix from John Kennedy of
+		Cal State Chico.
+	It was possible to turn off privacy flags.  Problem noted by
+		*Hobbit*.
+	Be more paranoid about writing files.  Suggestions by *Hobbit*
+		and Liudvikas Bukys.
+	MAKEMAP: fixes for 64 bit machines (DEC Alphas in particular)
+		from Spider Boardman.
+	CONFIG: No changes (version number only, to keep it in sync
+		with the binaries).
+
 8.6.10/8.6.10	95/02/10
 	SECURITY: Diagnose bogus values to some command line flags that
 		could allow trash to get into headers and qf files.
@@ -46,6 +81,8 @@ summary of the changes in that release.
 		some cases, buffers could get trashed by map lookups
 		causing it to do unexpected things.  This also simplifies
 		some of the map code.
+	CONFIG: No changes (version number only, to keep it in sync
+		with the binaries).
 
 8.6.9/8.6.9	94/04/19
 	Do all mail delivery completely disconnected from any terminal.
diff --git a/usr.sbin/sendmail/makemap/makemap.c b/usr.sbin/sendmail/makemap/makemap.c
index f2d4aea9ca90..a676cd7f43be 100644
--- a/usr.sbin/sendmail/makemap/makemap.c
+++ b/usr.sbin/sendmail/makemap/makemap.c
@@ -33,7 +33,7 @@
  */
 
 #ifndef lint
-static char sccsid[] = "@(#)makemap.c	8.6 (Berkeley) 11/22/93";
+static char sccsid[] = "@(#)makemap.c	8.6.1.1 (Berkeley) 3/6/95";
 #endif /* not lint */
 
 #include <stdio.h>
@@ -66,7 +66,7 @@ union dbent
 	struct
 	{
 		char	*data;
-		int	size;
+		size_t	size;
 	} xx;
 };
 
@@ -226,10 +226,14 @@ main(argc, argv)
 #ifdef NEWDB
 	  case T_HASH:
 		dbp.db = dbopen(mapname, mode, 0644, DB_HASH, NULL);
+		if (dbp.db != NULL)
+			(void) (*dbp.db->sync)(dbp.db, 0);
 		break;
 
 	  case T_BTREE:
 		dbp.db = dbopen(mapname, mode, 0644, DB_BTREE, NULL);
+		if (dbp.db != NULL)
+			(void) (*dbp.db->sync)(dbp.db, 0);
 		break;
 #endif
 
diff --git a/usr.sbin/sendmail/src/READ_ME b/usr.sbin/sendmail/src/READ_ME
index cc0b41984758..ace0d3ab9bb3 100644
--- a/usr.sbin/sendmail/src/READ_ME
+++ b/usr.sbin/sendmail/src/READ_ME
@@ -30,7 +30,7 @@
 # OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 # SUCH DAMAGE.
 #
-#	@(#)READ_ME	8.61 (Berkeley) 4/17/94
+#	@(#)READ_ME	8.61.1.1 (Berkeley) 3/5/95
 #
 
 This directory contains the source files for sendmail.
@@ -666,6 +666,17 @@ Linux
 	the flock() system call gives errors.  If you are running .14,
 	you must not use flock.  You can do this with -DHASFLOCK=0.
 
+	Around the inclusion of bind-4.9.3 & linux libc-4.6.20, the
+	initialization of the _res structure changed.  If /etc/hosts.conf
+	was configured as "hosts, bind" the resolver code could return
+	"Name server failure" errors.  This is supposedly fixed in
+	later versions of libc (>= 4.6.29?), and later versions of
+	sendmail (> 8.6.10) try to work around the problem.
+
+	Some older versions (< 4.6.20?) of the libc/include files conflict
+	with sendmail's version of cdefs.h.  Deleting sendmail's version
+	on those systems should be non-harmful, and new versions don't care.
+
 AIX
 	This version of sendmail does not support MB, MG, and MR resource
 	records, which are supported by AIX sendmail.
@@ -869,4 +880,4 @@ version.c	The version number and information about this
 
 Eric Allman
 
-(Version 8.61, last update 4/17/94 07:05:32)
+(Version 8.61.1.1, last update 3/5/95 12:52:16)
diff --git a/usr.sbin/sendmail/src/envelope.c b/usr.sbin/sendmail/src/envelope.c
index 3a2314c6fd54..e8bb1e479fe8 100644
--- a/usr.sbin/sendmail/src/envelope.c
+++ b/usr.sbin/sendmail/src/envelope.c
@@ -33,7 +33,7 @@
  */
 
 #ifndef lint
-static char sccsid[] = "@(#)envelope.c	8.34 (Berkeley) 4/14/94";
+static char sccsid[] = "@(#)envelope.c	8.34.1.1 (Berkeley) 2/28/95";
 #endif /* not lint */
 
 #include "sendmail.h"
@@ -489,7 +489,7 @@ openxscript(e)
 		if (fd < 0)
 			syserr("!Can't open /dev/null");
 	}
-	e->e_xfp = fdopen(fd, "w");
+	e->e_xfp = fdopen(fd, "a");
 	if (e->e_xfp == NULL)
 	{
 		syserr("!Can't create transcript stream %s", p);
diff --git a/usr.sbin/sendmail/src/main.c b/usr.sbin/sendmail/src/main.c
index d7923ea20fe7..a0253a252de7 100644
--- a/usr.sbin/sendmail/src/main.c
+++ b/usr.sbin/sendmail/src/main.c
@@ -39,7 +39,7 @@ static char copyright[] =
 #endif /* not lint */
 
 #ifndef lint
-static char sccsid[] = "@(#)main.c	8.55.1.3 (Berkeley) 2/10/95";
+static char sccsid[] = "@(#)main.c	8.55.1.7 (Berkeley) 3/5/95";
 #endif /* not lint */
 
 #define	_DEFINE
@@ -293,7 +293,7 @@ main(argc, argv, envp)
 
 	for (i = j = 0; j < MAXUSERENVIRON && (p = envp[i]) != NULL; i++)
 	{
-		if (strncmp(p, "FS=", 3) == 0 || strncmp(p, "LD_", 3) == 0)
+		if (strncmp(p, "IFS=", 4) == 0 || strncmp(p, "LD_", 3) == 0)
 			continue;
 		UserEnviron[j++] = newstr(p);
 	}
@@ -324,7 +324,10 @@ main(argc, argv, envp)
 
 #if NAMED_BIND
 	if (tTd(8, 8))
+	{
+		res_init();
 		_res.options |= RES_DEBUG;
+	}
 #endif
 
 	errno = 0;
@@ -490,7 +493,7 @@ main(argc, argv, envp)
 				ExitStat = EX_USAGE;
 				break;
 			}
-			from = newstr(denlstring(optarg));
+			from = newstr(denlstring(optarg, TRUE, TRUE));
 			if (strcmp(RealUserName, from) != 0)
 				warn_f_flag = j;
 			break;
@@ -571,6 +574,7 @@ main(argc, argv, envp)
 			break;
 
 		  case 'X':	/* traffic log file */
+			setgid(RealGid);
 			setuid(RealUid);
 			TrafficLogFile = fopen(optarg, "a");
 			if (TrafficLogFile == NULL)
@@ -654,6 +658,15 @@ main(argc, argv, envp)
 	}
 
 	/*
+	**  Initialize name server if it is going to be used.
+	*/
+
+#if NAMED_BIND
+	if (!bitset(RES_INIT, _res.options))
+		res_init();
+#endif
+
+	/*
 	**  Process authorization warnings from command line.
 	*/
 
@@ -730,7 +743,7 @@ main(argc, argv, envp)
 
 	/* full names can't have newlines */
 	if (FullName != NULL && strchr(FullName, '\n') != NULL)
-		FullName = newstr(denlstring(FullName));
+		FullName = newstr(denlstring(FullName, TRUE, TRUE));
 
 	/* do heuristic mode adjustment */
 	if (Verbose)
diff --git a/usr.sbin/sendmail/src/queue.c b/usr.sbin/sendmail/src/queue.c
index 897396a4947e..1dc56a6839ab 100644
--- a/usr.sbin/sendmail/src/queue.c
+++ b/usr.sbin/sendmail/src/queue.c
@@ -36,9 +36,9 @@
 
 #ifndef lint
 #ifdef QUEUE
-static char sccsid[] = "@(#)queue.c	8.41.1.1 (Berkeley) 2/10/95 (with queueing)";
+static char sccsid[] = "@(#)queue.c	8.41.1.3 (Berkeley) 3/5/95 (with queueing)";
 #else
-static char sccsid[] = "@(#)queue.c	8.41.1.1 (Berkeley) 2/10/95 (without queueing)";
+static char sccsid[] = "@(#)queue.c	8.41.1.3 (Berkeley) 3/5/95 (without queueing)";
 #endif
 #endif /* not lint */
 
@@ -210,7 +210,7 @@ queueup(e, queueall, announce)
 
 	/* message from envelope, if it exists */
 	if (e->e_message != NULL)
-		fprintf(tfp, "M%s\n", denlstring(e->e_message));
+		fprintf(tfp, "M%s\n", denlstring(e->e_message, TRUE, FALSE));
 
 	/* send various flag bits through */
 	p = buf;
@@ -224,14 +224,14 @@ queueup(e, queueall, announce)
 
 	/* $r and $s and $_ macro values */
 	if ((p = macvalue('r', e)) != NULL)
-		fprintf(tfp, "$r%s\n", denlstring(p));
+		fprintf(tfp, "$r%s\n", denlstring(p, TRUE, FALSE));
 	if ((p = macvalue('s', e)) != NULL)
-		fprintf(tfp, "$s%s\n", denlstring(p));
+		fprintf(tfp, "$s%s\n", denlstring(p, TRUE, FALSE));
 	if ((p = macvalue('_', e)) != NULL)
-		fprintf(tfp, "$_%s\n", denlstring(p));
+		fprintf(tfp, "$_%s\n", denlstring(p, TRUE, FALSE));
 
 	/* output name of sender */
-	fprintf(tfp, "S%s\n", denlstring(e->e_from.q_paddr));
+	fprintf(tfp, "S%s\n", denlstring(e->e_from.q_paddr, TRUE, FALSE));
 
 	/* output list of error recipients */
 	printctladdr(NULL, NULL);
@@ -240,7 +240,7 @@ queueup(e, queueall, announce)
 		if (!bitset(QDONTSEND|QBADADDR, q->q_flags))
 		{
 			printctladdr(q, tfp);
-			fprintf(tfp, "E%s\n", denlstring(q->q_paddr));
+			fprintf(tfp, "E%s\n", denlstring(q->q_paddr, TRUE, FALSE));
 		}
 	}
 
@@ -251,7 +251,7 @@ queueup(e, queueall, announce)
 		    (queueall && !bitset(QDONTSEND|QBADADDR|QSENT, q->q_flags)))
 		{
 			printctladdr(q, tfp);
-			fprintf(tfp, "R%s\n", denlstring(q->q_paddr));
+			fprintf(tfp, "R%s\n", denlstring(q->q_paddr, TRUE, FALSE));
 			if (announce)
 			{
 				e->e_to = q->q_paddr;
@@ -427,7 +427,7 @@ printctladdr(a, tfp)
 	else
 		uname = pw->pw_name;
 
-	fprintf(tfp, "C%s:%s\n", uname, denlstring(a->q_paddr));
+	fprintf(tfp, "C%s:%s\n", uname, denlstring(a->q_paddr, TRUE, FALSE));
 }
 
 /*
diff --git a/usr.sbin/sendmail/src/recipient.c b/usr.sbin/sendmail/src/recipient.c
index 0820e60e45a5..a43cf5c93dff 100644
--- a/usr.sbin/sendmail/src/recipient.c
+++ b/usr.sbin/sendmail/src/recipient.c
@@ -33,7 +33,7 @@
  */
 
 #ifndef lint
-static char sccsid[] = "@(#)recipient.c	8.44.1.4 (Berkeley) 2/20/95";
+static char sccsid[] = "@(#)recipient.c	8.44.1.6 (Berkeley) 3/5/95";
 #endif /* not lint */
 
 # include "sendmail.h"
@@ -111,7 +111,7 @@ sendtolist(list, ctladdr, sendq, e)
 		bufp = buf;
 	else
 		bufp = xalloc(i);
-	strcpy(bufp, denlstring(list));
+	strcpy(bufp, denlstring(list, FALSE, TRUE));
 
 	for (p = bufp; *p != '\0'; )
 	{
diff --git a/usr.sbin/sendmail/src/sendmail.h b/usr.sbin/sendmail/src/sendmail.h
index 0139f0ee7a14..4fc1ef7addc9 100644
--- a/usr.sbin/sendmail/src/sendmail.h
+++ b/usr.sbin/sendmail/src/sendmail.h
@@ -31,7 +31,7 @@
  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  * SUCH DAMAGE.
  *
- *	@(#)sendmail.h	8.43.1.1 (Berkeley) 2/10/95
+ *	@(#)sendmail.h	8.43.1.3 (Berkeley) 3/5/95
  */
 
 /*
@@ -41,7 +41,7 @@
 # ifdef _DEFINE
 # define EXTERN
 # ifndef lint
-static char SmailSccsId[] =	"@(#)sendmail.h	8.43.1.1		2/10/95";
+static char SmailSccsId[] =	"@(#)sendmail.h	8.43.1.3		3/5/95";
 # endif
 # else /*  _DEFINE */
 # define EXTERN extern
@@ -956,7 +956,7 @@ extern sigfunc_t	setsignal __P((int, sigfunc_t));
 extern char		*shortenstring __P((char *, int));
 extern bool		usershellok __P((char *));
 extern void		commaize __P((HDR *, char *, int, MCI *, ENVELOPE *));
-extern char		*denlstring __P((char *));
+extern char		*denlstring __P((char *, int, int));
 
 /* ellipsis is a different case though */
 #ifdef __STDC__
diff --git a/usr.sbin/sendmail/src/util.c b/usr.sbin/sendmail/src/util.c
index 0e68673c4fd7..3f6e1828855c 100644
--- a/usr.sbin/sendmail/src/util.c
+++ b/usr.sbin/sendmail/src/util.c
@@ -33,7 +33,7 @@
  */
 
 #ifndef lint
-static char sccsid[] = "@(#)util.c	8.39.1.2 (Berkeley) 2/10/95";
+static char sccsid[] = "@(#)util.c	8.39.1.5 (Berkeley) 3/5/95";
 #endif /* not lint */
 
 # include "sendmail.h"
@@ -1485,7 +1485,7 @@ cleanstrcpy(t, f, l)
 {
 #ifdef LOG
 	/* check for newlines and log if necessary */
-	(void) denlstring(f);
+	(void) denlstring(f, TRUE, TRUE);
 #endif
 
 	l--;
@@ -1506,6 +1506,8 @@ cleanstrcpy(t, f, l)
 **
 **	Parameters:
 **		s -- the input string
+**		strict -- if set, don't permit continuation lines.
+**		logattacks -- if set, log attempted attacks.
 **
 **	Returns:
 **		A pointer to a version of the string with newlines
@@ -1513,15 +1515,21 @@ cleanstrcpy(t, f, l)
 */
 
 char *
-denlstring(s)
+denlstring(s, strict, logattacks)
 	char *s;
+	int strict;
+	int logattacks;
 {
 	register char *p;
 	int l;
 	static char *bp = NULL;
 	static int bl = 0;
 
-	if (strchr(s, '\n') == NULL)
+	p = s;
+	while ((p = strchr(p, '\n')) != NULL)
+		if (strict || (*++p != ' ' && *p != '\t'))
+			break;
+	if (p == NULL)
 		return s;
 
 	l = strlen(s) + 1;
@@ -1538,9 +1546,12 @@ denlstring(s)
 		*p++ = ' ';
 
 #ifdef LOG
-	p = macvalue('_', CurEnv);
-	syslog(LOG_ALERT, "POSSIBLE ATTACK from %s: newline in string \"%s\"",
-		p == NULL ? "[UNKNOWN]" : p, bp);
+	if (logattacks)
+	{
+		syslog(LOG_NOTICE, "POSSIBLE ATTACK from %s: newline in string \"%s\"",
+			RealHostName == NULL ? "[UNKNOWN]" : RealHostName,
+			shortenstring(bp, 80));
+	}
 #endif
 
 	return bp;
diff --git a/usr.sbin/sendmail/src/version.c b/usr.sbin/sendmail/src/version.c
index 25ed8c0cbc63..14ba2462f8c9 100644
--- a/usr.sbin/sendmail/src/version.c
+++ b/usr.sbin/sendmail/src/version.c
@@ -33,7 +33,7 @@
  */
 
 #ifndef lint
-static char sccsid[] = "@(#)version.c	8.6.10.1 (Berkeley) 2/7/95";
+static char sccsid[] = "@(#)version.c	8.6.11.1 (Berkeley) 2/28/95";
 #endif /* not lint */
 
-char	Version[] = "8.6.10";
+char	Version[] = "8.6.11";