[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Nmh-workers] Segfault in post from mime quoted names in aliases
From: |
Ralph Corderoy |
Subject: |
Re: [Nmh-workers] Segfault in post from mime quoted names in aliases |
Date: |
Wed, 12 Apr 2017 14:24:32 +0100 |
Hi Johan,
> > > This alias file is enough to cause this:
> > >
> > > n1: =?iso-8859-1?Q?gnillen?= <address@hidden>
> > > n2: =?iso-8859-1?Q?gnillen?= <address@hidden>
> >
> > According to mh-alias(5), that's looking up a Unix group called
> > `?iso...'. Though I agree post(8) shouldn't SEGV.
>
> Hah! Didn't know that (should read the friendly manuals more often).
I'd forgotten until I peered at the code just now.
> So a workaround for now is to add one character in front of the
> encoding. That will work until I get an Örjan in my recipients.
It would be nice if one of the developers could also re-create post's
SEGV to get that fixed.
Meanwhile, I noticed uip/ali.c has
if (!noalias) {
/* allow Aliasfile: profile entry */
if ((cp = context_find ("Aliasfile"))) {
char *dp = NULL;
for (ap = brkstring(dp = mh_xstrdup(cp), " ", "\n"); ap && *ap;
ap++)
if ((i = alias (*ap)) != AK_OK)
adios (NULL, "aliasing error in %s - %s", *ap, akerror (i));
mh_xfree(dp);
}
alias (AliasFile);
}
So .mh_profile's aliasfile can be multiple files, space separated; I
don't think the man page documents that. `noalias' above is from the
-noalias switch, undocumented? And that last call to alias() for
AliasFile, the system-wide aliases, isn't checked for errors.
/* This is the global nmh alias file. It is somewhat obsolete,
* since global aliases should be handled by the Mail Transport
* Agent (MTA). */
char *AliasFile = nmhetcdir (/MailAliases);
However, your personal aliases were checked, so why didn't it complain
about unknown group `?iso...'? Because addgroup() starts
static int
addgroup (struct aka *ak, char *grp)
{
char *gp;
struct group *gr = getgrnam (grp);
struct home *hm = NULL;
if (!gr)
gr = getgrgid (atoi (grp));
if (!gr) {
akerrst = grp;
return 0;
}
If `?iso...' isn't found by name then it's looked up by its integer
value, 0. That means user `root' here since group 0 has just root as a
member. There could be other atoi() faux pas in this area.
--
Cheers, Ralph.
https://plus.google.com/+RalphCorderoy
- [Nmh-workers] Segfault in post from mime quoted names in aliases, Johan Viklund, 2017/04/12
- Re: [Nmh-workers] Segfault in post from mime quoted names in aliases, Ralph Corderoy, 2017/04/12
- Re: [Nmh-workers] Segfault in post from mime quoted names in aliases, Ken Hornstein, 2017/04/12
- Re: [Nmh-workers] Segfault in post from mime quoted names in aliases, Ralph Corderoy, 2017/04/12
- Re: [Nmh-workers] Segfault in post from mime quoted names in aliases, Robert Elz, 2017/04/13
- Re: [Nmh-workers] Segfault in post from mime quoted names in aliases, Ralph Corderoy, 2017/04/13
- Re: [Nmh-workers] Segfault in post from mime quoted names in aliases, Ken Hornstein, 2017/04/13
- Re: [Nmh-workers] Segfault in post from mime quoted names in aliases, norm, 2017/04/13