Re: [Nmh-workers] Segfault in post from mime quoted names in aliases

From: Ralph Corderoy
Subject: Re: [Nmh-workers] Segfault in post from mime quoted names in aliases
Date: Wed, 12 Apr 2017 14:24:32 +0100

Hi Johan,

> > > This alias file is enough to cause this:
> > >
> > > n1: =?iso-8859-1?Q?gnillen?= <address@hidden>
> > > n2: =?iso-8859-1?Q?gnillen?= <address@hidden>
> >
> > According to mh-alias(5), that's looking up a Unix group called
> > `?iso...'.  Though I agree post(8) shouldn't SEGV.
> Hah! Didn't know that (should read the friendly manuals more often).

I'd forgotten until I peered at the code just now.

> So a workaround for now is to add one character in front of the
> encoding. That will work until I get an Örjan in my recipients.

It would be nice if one of the developers could also re-create post's
SEGV to get that fixed.

Meanwhile, I noticed uip/ali.c has

    if (!noalias) {
        /* allow Aliasfile: profile entry */
        if ((cp = context_find ("Aliasfile"))) {
            char *dp = NULL;

            for (ap = brkstring(dp = mh_xstrdup(cp), " ", "\n"); ap && *ap; ap++)
                if ((i = alias (*ap)) != AK_OK)
                    adios (NULL, "aliasing error in %s - %s", *ap, akerror (i));
        alias (AliasFile);

So .mh_profile's aliasfile can be multiple files, space separated;  I
don't think the man page documents that.  `noalias' above is from the
-noalias switch, undocumented?  And that last call to alias() for
AliasFile, the system-wide aliases, isn't checked for errors.

    /* This is the global nmh alias file.  It is somewhat obsolete,
     * since global aliases should be handled by the Mail Transport
     * Agent (MTA). */
    char *AliasFile = nmhetcdir (/MailAliases);

However, your personal aliases were checked, so why didn't it complain
about unknown group `?iso...'?  Because addgroup() starts

    static int
    addgroup (struct aka *ak, char *grp)
        char *gp;
        struct group *gr = getgrnam (grp);
        struct home *hm = NULL;

        if (!gr)
            gr = getgrgid (atoi (grp));
        if (!gr) {
            akerrst = grp;
            return 0;

If `?iso...' isn't found by name then it's looked up by its integer
value, 0.  That means user `root' here since group 0 has just root as a
member.  There could be other atoi() faux pas in this area.

Cheers, Ralph.
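
The atoi() fallback described in the message above, shown beside a stricter parse; this is an added example, not part of the original post and not nmh's code. The function names and the sample string (built from the alias line quoted above) are assumptions made for illustration.

```c
#include <errno.h>
#include <grp.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/types.h>

/* Models the fallback quoted above: atoi() yields 0 for any string with
 * no leading digits, so a non-numeric name silently becomes gid 0. */
static long gid_via_atoi(const char *grp)
{
    return atoi(grp);
}

/* Hypothetical stricter parse: accept only an all-digit string that fits
 * in a long.  Returns 1 and stores the gid on success, otherwise 0. */
static int parse_gid_strict(const char *grp, long *gid)
{
    char *end;
    long v;

    if (*grp < '0' || *grp > '9')   /* rejects "", "?iso...", "-1", " 5" */
        return 0;
    errno = 0;
    v = strtol(grp, &end, 10);
    if (errno == ERANGE || *end != '\0')   /* overflow or trailing junk */
        return 0;
    *gid = v;
    return 1;
}

/* Name lookup first; numeric lookup only when the string is a number. */
static struct group *lookup_group_strict(const char *grp)
{
    long gid;
    struct group *gr = getgrnam(grp);

    if (!gr && parse_gid_strict(grp, &gid))
        gr = getgrgid((gid_t)gid);
    return gr;
}

int main(void)
{
    const char *s = "?iso-8859-1?Q?gnillen?=";   /* constructed sample */
    long gid = -1;

    printf("atoi fallback: gid %ld\n", gid_via_atoi(s));
    printf("strict parse:  %s\n", parse_gid_strict(s, &gid) ? "accepted" : "rejected");
    printf("strict lookup: %s\n", lookup_group_strict(s) ? "found" : "not found");
    return 0;
}
```

With the strict form an unknown group name reaches the existing `akerrst = grp; return 0;` error path instead of resolving to group 0.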
