Security fix release.

svn path=/trunk/; revision=3775

diff --git a/Makefile.in b/Makefile.in
index 1b0a714dd4ce0e67a2329a761d3286846f1bfb2a..73252e079b592eac2a1d17a827d5edcffa961d04 100644 (file)
--- a/Makefile.in
+++ b/Makefile.in
@@ -4,7 +4,7 @@
 # So just uncomment all the lines marked QNX.
 
 PACKAGE = fetchmail
-VERSION = 6.1.3
+VERSION = 6.2.0
 
 # Ultrix 2.2 make doesn't expand the value of VPATH.
 srcdir = @srcdir@

diff --git a/fetchmail.man b/fetchmail.man
index d6122d335b3c3b351b0c636d822c1e7910970098..2c51dd83fec3606e9340f5cd76e261be9474f481 100644 (file)
--- a/fetchmail.man
+++ b/fetchmail.man
@@ -1110,6 +1110,10 @@ The
 .I postfix
 MTA runs 554 as an antispam response.
 .PP
+.I Zmailer 
+may reject code with a 500 response (followed by an enhanced status
+code that contains more information).
+.PP
 Return codes which 
 .I fetchmail
 treats as antispam responses and discards

diff --git a/indexgen.sh b/indexgen.sh
index 739cbc6e78898b35512b906f561cf3a733670232..37e3fb062dca7b070b445f1fdbc4017e1e0bcd44 100755 (executable)
--- a/indexgen.sh
+++ b/indexgen.sh
@@ -163,7 +163,7 @@ checksum file is cryptographically signed and can be verified with the
 command:</p>
 
 <pre>
-gpg --verify checksums.asc
+gpg --verify checksums
 </pre>
 
 EOF
@@ -228,7 +228,8 @@ FAQ covers them like a blanket.</p>
 href="../index.html">Eric S. Raymond</a>.  There are some designated
 backup maintainers (<a href="mailto:funk+@osu.edu">Rob Funk</a>, <a
 href="http://www.dallas.net/~fox/">David DeSimone aka Fuzzy Fox</a>,
-<a href="mailto:imdave@mcs.net">Dave Bodenstab</a>).  Other backup
+<a href="mailto:imdave@mcs.net">Dave Bodenstab</a> and <a 
+href="mailto:shetye@bombay.retortsoft.com">Sunil Shetye</a>).  Other backup
 maintainers may be added in the future, in order to ensure continued
 support should Eric S.  Raymond drop permanently off the net for any
 reason.</p>

diff --git a/rfc822.c b/rfc822.c
index 1957c03774cbdc9005f9f25db59efd41f0c0d546..9e3226e6765cc9d0a76ba095ba891e16cccae467 100644 (file)
--- a/rfc822.c
+++ b/rfc822.c
@@ -76,7 +76,7 @@ const unsigned char *host;    /* server hostname */
     for (cp = buf; *cp; cp++)
        if (*cp == ',' || isspace(*cp))
            addresscount++;
-    buf = (unsigned char *)xrealloc(buf, strlen(buf) + addresscount * strlen(host) + 1);
+    buf = (unsigned char *)xrealloc(buf, strlen(buf) + addresscount * (strlen(host) + 1) + 1);
 #endif /* MAIN */
 
     /*

diff --git a/smtp.c b/smtp.c
index 6c3575710703bd7339cf5fd9c5d2a1202cc89692..44b2298986b961ecd7725022c315497c545de094 100644 (file)
--- a/smtp.c
+++ b/smtp.c
@@ -11,6 +11,7 @@
 #include <stdio.h>
 #include <unistd.h>
 #include <string.h>
+#include <signal.h>
 #include "fetchmail.h"
 #include "socket.h"
 #include "smtp.h"
@@ -322,29 +323,60 @@ int SMTP_eom(int sock)
   return ok;
 }
 
+/* ignore SIGALRM signal indicating a timeout during smtp ok */
+static void smtp_timeout_handler (int signal) { }
+
 int SMTP_ok(int sock)
 /* returns status of SMTP connection */
 {
+    void (*alrmsave)(int);
+
+    /* set an alarm for smtp ok */
+    alrmsave = signal(SIGALRM, smtp_timeout_handler);
+    set_timeout(mytimeout);
+
     while ((SockRead(sock, smtp_response, sizeof(smtp_response)-1)) != -1)
     {
-       int  n = strlen(smtp_response);
+       int n;
 
-       if (smtp_response[strlen(smtp_response)-1] == '\n')
-           smtp_response[strlen(smtp_response)-1] = '\0';
-       if (smtp_response[strlen(smtp_response)-1] == '\r')
-           smtp_response[strlen(smtp_response)-1] = '\0';
-       if (n < 4)
-           return SM_ERROR;
+       /* restore alarm */
+       set_timeout(0);
+       signal(SIGALRM, alrmsave);
+
+       n = strlen(smtp_response);
+       if (n > 0 && smtp_response[n-1] == '\n')
+           n--;
+       if (n > 0 && smtp_response[n-1] == '\r')
+           n--;
        smtp_response[n] = '\0';
        if (outlevel >= O_MONITOR)
            report(stdout, "%cMTP< %s\n", smtp_mode, smtp_response);
-       if ((smtp_response[0] == '1' || smtp_response[0] == '2' || smtp_response[0] == '3') && smtp_response[3] == ' ')
+       if (n < 4 ||
+           (smtp_response[3] != ' ' && smtp_response[3] != '-'))
+       {
+           if (outlevel >= O_MONITOR)
+               report(stderr, GT_("smtp listener protocol error\n"));
+           return SM_UNRECOVERABLE;
+       }
+
+       if ((smtp_response[0] == '1' || smtp_response[0] == '2' || smtp_response[0] == '3') &&
+           smtp_response[3] == ' ')
            return SM_OK;
        else if (smtp_response[3] != '-')
            return SM_ERROR;
+
+       /* set an alarm for smtp ok */
+       signal(SIGALRM, smtp_timeout_handler);
+       set_timeout(mytimeout);
+
     }
+
+    /* restore alarm */
+    set_timeout(0);
+    signal(SIGALRM, alrmsave);
+
     if (outlevel >= O_MONITOR)
-       report(stderr, GT_("smtp listener protocol error"));
+       report(stderr, GT_("smtp listener protocol error\n"));
     return SM_UNRECOVERABLE;
 }