14 files changed, 93 insertions, 37 deletions

diff --git a/contrib/sendmail/RELEASE_NOTES b/contrib/sendmail/RELEASE_NOTES
index 83e5df6ebf919..ad6aecf9b2921 100644
--- a/contrib/sendmail/RELEASE_NOTES
+++ b/contrib/sendmail/RELEASE_NOTES
@@ -1,11 +1,26 @@
 			SENDMAIL RELEASE NOTES
-      $Id: RELEASE_NOTES,v 8.561.2.5.2.254 2001/07/31 22:42:46 gshapiro Exp $
+      $Id: RELEASE_NOTES,v 8.561.2.5.2.261 2001/08/20 14:45:32 gshapiro Exp $
 
 
 This listing shows the version of the sendmail binary, the version
 of the sendmail configuration files, the date of release, and a
 summary of the changes in that release.
 
+8.11.6/8.11.6	2001/08/20
+	SECURITY: Fix a possible memory access violation when specifying
+		out-of-bounds debug parameters.  Problem detected by
+		Cade Cairns of SecurityFocus.
+	Avoid leaking recipient information in unrelated DSNs.  This could
+		happen if a connection is aborted, several mails had been
+		scheduled for delivery via that connection, and the timeout
+		is reached such that several DSNs are sent next.  Problem
+		noted by Dileepan Moorkanat of Hewlett-Packard.
+	Fix a possible segmentation violation when specifying too many
+		wildcard operators in a rule.  Problem detected by
+		Werner Wiethege.
+	Avoid a segmentation fault on non-matching Hesiod lookups.  Problem
+		noted by Russell McOrmond of flora.ca
+
 8.11.5/8.11.5	2001/07/31
 	Fix a possible race condition when sending a HUP signal to restart
 		the daemon.  This could terminate the current process without
diff --git a/contrib/sendmail/cf/README b/contrib/sendmail/cf/README
index d50bfd452bf0e..820c60937de92 100644
--- a/contrib/sendmail/cf/README
+++ b/contrib/sendmail/cf/README
@@ -433,7 +433,7 @@ DECNET_RELAY	The host that will accept DECNET-addressed email.
 FAX_RELAY	The host that will accept mail to the .FAX pseudo-domain.
 		The "fax" mailer overrides this value.
 LOCAL_RELAY	The site that will handle unqualified names -- that
-		is, names with out an @domain extension.
+		is, names without an @domain extension.
 		Normally MAIL_HUB is preferred for this function.
 		LOCAL_RELAY is mostly useful in conjunction with
 		FEATURE(stickyhost) -- see the discussion of
@@ -2148,7 +2148,7 @@ If a certain level of encryption is required, then it might also be
 possible that this level is provided by the security layer from a SASL
 algorithm, e.g., DIGEST-MD5.
 
-Example: e-mail send to secure.example.com should only use an encrypted
+Example: e-mail sent to secure.example.com should only use an encrypted
 connection. e-mail received from hosts within the laptop.example.com domain
 should only be accepted if they have been authenticated.
 TLS_Srv:secure.example.com      ENCR:112
@@ -3313,4 +3313,4 @@ M4 DIVERSIONS
    8	DNS based blacklists
    9	special local rulesets (1 and 2)
 
-$Revision: 8.383.2.1.2.47 $, Last updated $Date: 2001/07/13 22:31:49 $
+$Revision: 8.383.2.1.2.49 $, Last updated $Date: 2001/08/14 15:25:36 $
diff --git a/contrib/sendmail/cf/m4/version.m4 b/contrib/sendmail/cf/m4/version.m4
index e04d15e99eec2..adc2c2cb079b3 100644
--- a/contrib/sendmail/cf/m4/version.m4
+++ b/contrib/sendmail/cf/m4/version.m4
@@ -11,8 +11,8 @@ divert(-1)
 # the sendmail distribution.
 #
 #
-VERSIONID(`$Id: version.m4,v 8.39.4.33 2001/07/31 22:34:17 gshapiro Exp $')
+VERSIONID(`$Id: version.m4,v 8.39.4.35 2001/08/20 14:45:34 gshapiro Exp $')
 #
 divert(0)
 # Configuration version number
-DZ8.11.5`'ifdef(`confCF_VERSION', `/confCF_VERSION')
+DZ8.11.6`'ifdef(`confCF_VERSION', `/confCF_VERSION')
diff --git a/contrib/sendmail/doc/op/op.me b/contrib/sendmail/doc/op/op.me
index 0c0edeb0f0dd4..802e3b7be5ce0 100644
--- a/contrib/sendmail/doc/op/op.me
+++ b/contrib/sendmail/doc/op/op.me
@@ -9,7 +9,7 @@
 .\" the sendmail distribution.
 .\"
 .\"
-.\"	$Id: op.me,v 8.317.4.70 2001/07/24 04:08:25 ca Exp $
+.\"	$Id: op.me,v 8.317.4.71 2001/08/14 15:26:00 ca Exp $
 .\"
 .\" eqn op.me | pic | troff -me
 .\"
@@ -87,7 +87,7 @@ eric@Sendmail.COM
 .de Ve
 Version \\$2
 ..
-.Ve $Revision: 8.317.4.70 $
+.Ve $Revision: 8.317.4.71 $
 .rm Ve
 .sp
 For Sendmail Version 8.11
@@ -6441,7 +6441,7 @@ only root and the owner of the queue directory
 can run the queue.
 Authentication Warnings add warnings about various conditions
 that may indicate attempts to spoof the mail system,
-such as using an non-standard queue directory.
+such as using a non-standard queue directory.
 .ip ProcessTitlePrefix=\fIstring\fP
 [no short name]
 Prefix the process title shown on 'ps' listings with
@@ -9475,7 +9475,7 @@ replace it with a blank sheet for double-sided output.
 .\".sz 10
 .\"Eric Allman
 .\".sp
-.\"Version $Revision: 8.317.4.70 $
+.\"Version $Revision: 8.317.4.71 $
 .\".ce 0
 .bp 3
 .ce
diff --git a/contrib/sendmail/src/README b/contrib/sendmail/src/README
index 3b9f0f93c1960..fd8d5ee982042 100644
--- a/contrib/sendmail/src/README
+++ b/contrib/sendmail/src/README
@@ -9,7 +9,7 @@
 # the sendmail distribution.
 #
 #
-#	$Id: README,v 8.263.2.1.2.37 2001/06/03 03:41:12 ca Exp $
+#	$Id: README,v 8.263.2.1.2.38 2001/08/15 22:07:11 gshapiro Exp $
 #
 
 This directory contains the source files for sendmail(TM).
@@ -114,6 +114,7 @@ HESIOD		Support for Hesiod (from the DEC/Athena distribution).  You
 		must already have Hesiod support on your system for this to
 		work.  You may be able to get this to work with the MIT/Athena
 		version of Hesiod, but that's likely to be a lot of work.
+		BIND 8.X also includes Hesiod support.
 LDAPMAP		Lightweight Directory Access Protocol support.  You will
 		have to install the UMich or OpenLDAP
 		(http://www.openldap.org/) ldap and lber libraries to use
@@ -1729,4 +1730,4 @@ util.c		Some general purpose routines used by sendmail.
 version.c	The version number and information about this
 		version of sendmail.
 
-(Version $Revision: 8.263.2.1.2.37 $, last update $Date: 2001/06/03 03:41:12 $ )
+(Version $Revision: 8.263.2.1.2.38 $, last update $Date: 2001/08/15 22:07:11 $ )
diff --git a/contrib/sendmail/src/clock.c b/contrib/sendmail/src/clock.c
index 1a364788d406a..0e3ec9493bc5e 100644
--- a/contrib/sendmail/src/clock.c
+++ b/contrib/sendmail/src/clock.c
@@ -12,7 +12,7 @@
  */
 
 #ifndef lint
-static char id[] = "@(#)$Id: clock.c,v 8.52.18.17 2001/07/31 23:04:59 ca Exp $";
+static char id[] = "@(#)$Id: clock.c,v 8.52.18.18 2001/08/14 16:07:04 ca Exp $";
 #endif /* ! lint */
 
 #include <sendmail.h>
@@ -426,6 +426,8 @@ pend_signal(sig)
 		abort();
 
 		/* NOTREACHED */
+		/* shut up stupid compiler warning on HP-UX 11 */
+		sigbit = 0;
 		break;
 	}
 
diff --git a/contrib/sendmail/src/err.c b/contrib/sendmail/src/err.c
index 3f85c60359849..d259db2ed0e6a 100644
--- a/contrib/sendmail/src/err.c
+++ b/contrib/sendmail/src/err.c
@@ -12,7 +12,7 @@
  */
 
 #ifndef lint
-static char id[] = "@(#)$Id: err.c,v 8.120.4.3 2001/05/30 00:22:26 gshapiro Exp $";
+static char id[] = "@(#)$Id: err.c,v 8.120.4.5 2001/08/17 22:09:40 ca Exp $";
 #endif /* ! lint */
 
 #include <sendmail.h>
@@ -776,10 +776,27 @@ fmtmsg(eb, to, num, enhsc, eno, fmt, ap)
 		spaceleft -= l;
 	}
 
-	/* output the "to" person */
+	/*
+	**  output the "to" address only if it is defined and one of the
+	**  following codes is used:
+	**  050 internal notices, e.g., alias expansion
+	**  250 Ok
+	**  252 Cannot VRFY user, but will accept message and attempt delivery
+	**  450 Requested mail action not taken: mailbox unavailable
+	**  550 Requested action not taken: mailbox unavailable
+	**  553 Requested action not taken: mailbox name not allowed
+	**
+	**  Notice: this still isn't "the right thing", this code shouldn't
+	**	(indirectly) depend on CurEnv->e_to.
+	*/
+
 	if (to != NULL && to[0] != '\0' &&
-	    strncmp(num, "551", 3) != 0 &&
-	    strncmp(num, "251", 3) != 0)
+	    (strncmp(num, "050", 3) == 0 ||
+	     strncmp(num, "250", 3) == 0 ||
+	     strncmp(num, "252", 3) == 0 ||
+	     strncmp(num, "450", 3) == 0 ||
+	     strncmp(num, "550", 3) == 0 ||
+	     strncmp(num, "553", 3) == 0))
 	{
 		(void) snprintf(eb, spaceleft, "%s... ",
 			shortenstring(to, MAXSHORTSTR));
diff --git a/contrib/sendmail/src/map.c b/contrib/sendmail/src/map.c
index 04b040ffa72be..78f8a02a08a4f 100644
--- a/contrib/sendmail/src/map.c
+++ b/contrib/sendmail/src/map.c
@@ -12,7 +12,7 @@
  */
 
 #ifndef lint
-static char id[] = "@(#)$Id: map.c,v 8.414.4.54 2001/06/01 08:23:24 gshapiro Exp $";
+static char id[] = "@(#)$Id: map.c,v 8.414.4.55 2001/08/15 22:08:58 gshapiro Exp $";
 #endif /* ! lint */
 
 #include <sendmail.h>
@@ -5359,7 +5359,8 @@ hes_map_lookup(map, name, av, statp)
 			  *statp = EX_UNAVAILABLE;
 			  break;
 		}
-		hesiod_free_list(HesiodContext, hp);
+		if (hp != NULL)
+			hesiod_free_list(HesiodContext, hp);
 		return NULL;
 	}
 # else /* HESIOD_INIT */
diff --git a/contrib/sendmail/src/milter.c b/contrib/sendmail/src/milter.c
index 5d5d2609e01d0..9782004a43bd6 100644
--- a/contrib/sendmail/src/milter.c
+++ b/contrib/sendmail/src/milter.c
@@ -9,7 +9,7 @@
  */
 
 #ifndef lint
-static char id[] = "@(#)$Id: milter.c,v 8.50.4.51 2001/07/20 00:53:01 gshapiro Exp $";
+static char id[] = "@(#)$Id: milter.c,v 8.50.4.53 2001/08/15 02:01:03 ca Exp $";
 #endif /* ! lint */
 
 #if _FFR_MILTER
@@ -1100,7 +1100,7 @@ milter_setup(line)
 	m->mf_name = newstr(line);
 	m->mf_state = SMFS_READY;
 	m->mf_sock = -1;
- 	m->mf_timeout[SMFTO_CONNECT] = (time_t) 0;
+	m->mf_timeout[SMFTO_CONNECT] = (time_t) 0;
 	m->mf_timeout[SMFTO_WRITE] = (time_t) 10;
 	m->mf_timeout[SMFTO_READ] = (time_t) 10;
 	m->mf_timeout[SMFTO_EOM] = (time_t) 300;
@@ -1132,10 +1132,6 @@ milter_setup(line)
 		/* install the field into the filter struct */
 		switch (fcode)
 		{
-		  case 'C':
-			m->mf_timeout[SMFTO_CONNECT] = convtime(p, 's');
-			break;
-
 		  case 'S':		/* socket */
 			if (p == NULL)
 				m->mf_conn = NULL;
@@ -1281,6 +1277,14 @@ milter_parse_timeouts(spec, m)
 		/* install the field into the filter struct */
 		switch (fcode)
 		{
+		  case 'C':
+			m->mf_timeout[SMFTO_CONNECT] = convtime(p, 's');
+			if (tTd(64, 5))
+				printf("X%s: %c=%ld\n",
+				       m->mf_name, fcode,
+				       (u_long) m->mf_timeout[SMFTO_CONNECT]);
+			break;
+
 		  case 'S':
 			m->mf_timeout[SMFTO_WRITE] = convtime(p, 's');
 			if (tTd(64, 5))
diff --git a/contrib/sendmail/src/parseaddr.c b/contrib/sendmail/src/parseaddr.c
index adbb8b14af56c..9b51c73e5ae3b 100644
--- a/contrib/sendmail/src/parseaddr.c
+++ b/contrib/sendmail/src/parseaddr.c
@@ -12,7 +12,7 @@
  */
 
 #ifndef lint
-static char id[] = "@(#)$Id: parseaddr.c,v 8.234.4.12 2001/05/03 17:24:11 gshapiro Exp $";
+static char id[] = "@(#)$Id: parseaddr.c,v 8.234.4.13 2001/08/14 23:08:13 ca Exp $";
 #endif /* ! lint */
 
 #include <sendmail.h>
@@ -767,9 +767,6 @@ struct match
 	char	**match_pattern;	/* pointer to pattern */
 };
 
-#define MAXMATCH	9	/* max params per rewrite */
-
-
 int
 rewrite(pvp, ruleset, reclevel, e)
 	char **pvp;
diff --git a/contrib/sendmail/src/readcf.c b/contrib/sendmail/src/readcf.c
index cb1923b660312..73acff59daa3c 100644
--- a/contrib/sendmail/src/readcf.c
+++ b/contrib/sendmail/src/readcf.c
@@ -12,7 +12,7 @@
  */
 
 #ifndef lint
-static char id[] = "@(#)$Id: readcf.c,v 8.382.4.42 2001/07/31 22:30:24 gshapiro Exp $";
+static char id[] = "@(#)$Id: readcf.c,v 8.382.4.43 2001/08/14 23:08:13 ca Exp $";
 #endif /* ! lint */
 
 #include <sendmail.h>
@@ -267,6 +267,11 @@ readcf(cfname, safe, e)
 				syserr("R line: null LHS");
 				rwp->r_lhs = null_list;
 			}
+			if (nfuzzy > MAXMATCH)
+			{
+				syserr("R line: too many wildcards");
+				rwp->r_lhs = null_list;
+			}
 
 			/* expand and save the RHS */
 			while (*++p == '\t')
diff --git a/contrib/sendmail/src/sendmail.h b/contrib/sendmail/src/sendmail.h
index 1ead2de7dc465..611116cff3f09 100644
--- a/contrib/sendmail/src/sendmail.h
+++ b/contrib/sendmail/src/sendmail.h
@@ -20,7 +20,7 @@
 #ifdef _DEFINE
 # define EXTERN
 # ifndef lint
-static char SmailId[] =	"@(#)$Id: sendmail.h,v 8.517.4.69 2001/07/20 18:46:01 gshapiro Exp $";
+static char SmailId[] =	"@(#)$Id: sendmail.h,v 8.517.4.70 2001/08/14 23:08:12 ca Exp $";
 # endif /* ! lint */
 #else /* _DEFINE */
 # define EXTERN extern
@@ -765,6 +765,8 @@ struct rewrite
 /* to make the code clearer */
 #define MATCHZERO	CANONHOST
 
+#define MAXMATCH	9	/* max params per rewrite */
+
 /* external <==> internal mapping table */
 struct metamac
 {
diff --git a/contrib/sendmail/src/trace.c b/contrib/sendmail/src/trace.c
index 6f08dead0e73a..735ef83db3b28 100644
--- a/contrib/sendmail/src/trace.c
+++ b/contrib/sendmail/src/trace.c
@@ -12,7 +12,7 @@
  */
 
 #ifndef lint
-static char id[] = "@(#)$Id: trace.c,v 8.20.22.2 2000/09/17 17:04:27 gshapiro Exp $";
+static char id[] = "@(#)$Id: trace.c,v 8.20.22.4 2001/08/15 13:05:43 ca Exp $";
 #endif /* ! lint */
 
 #include <sendmail.h>
@@ -63,7 +63,7 @@ void
 tTflag(s)
 	register char *s;
 {
-	int first, last;
+	unsigned int first, last;
 	register unsigned int i;
 
 	if (*s == '\0')
@@ -73,16 +73,28 @@ tTflag(s)
 	{
 		/* find first flag to set */
 		i = 0;
-		while (isascii(*s) && isdigit(*s))
+		while (isascii(*s) && isdigit(*s) && i < tTsize)
 			i = i * 10 + (*s++ - '0');
+
+		/*
+		**  skip over rest of a too large number
+		**  Maybe we should complain if out-of-bounds values are used.
+		*/
+
+		while (isascii(*s) && isdigit(*s) && i >= tTsize)
+			s++;
 		first = i;
 
 		/* find last flag to set */
 		if (*s == '-')
 		{
 			i = 0;
-			while (isascii(*++s) && isdigit(*s))
+			while (isascii(*++s) && isdigit(*s) && i < tTsize)
 				i = i * 10 + (*s - '0');
+
+			/* skip over rest of a too large number */
+			while (isascii(*s) && isdigit(*s) && i >= tTsize)
+				s++;
 		}
 		last = i;
 
diff --git a/contrib/sendmail/src/version.c b/contrib/sendmail/src/version.c
index ac05788ce598f..ce675c74ceeff 100644
--- a/contrib/sendmail/src/version.c
+++ b/contrib/sendmail/src/version.c
@@ -12,7 +12,7 @@
  */
 
 #ifndef lint
-static char id[] = "@(#)$Id: version.c,v 8.43.4.37 2001/07/31 22:34:20 gshapiro Exp $";
+static char id[] = "@(#)$Id: version.c,v 8.43.4.39 2001/08/20 14:45:34 gshapiro Exp $";
 #endif /* ! lint */
 
-char	Version[] = "8.11.5";
+char	Version[] = "8.11.6";