On Sat, 12 Dec 1998, Michal Zalewski wrote:

> 2. 'Headers prescan' DoS
>
> There are possible DoS attacks due to ineffective headers prescan
> algorithm. Two or three medium-size (200 kb) mail messages may render
> system unusable for quite long period of time (as headers are parsed at
> least twice, on message collection and in queue). Exploit sold separately
> :-)

Hi,

After thinking that we may need more header lines allowed for when we need
to do mailouts to large numbers of our users, I've written up a slightly
nicer version of Michal's patch that allows the maximum number of header
lines to be set in sendmail.cf. It saves on recompiles :-)

For sendmail.cf:

    O MaxHeaderLines=<number>

For M4 configuration:

    define(`confMAX_HEADER_LINES',<number>)dnl

The patch is attached, and should have an MD5 signature of
f38ff30ea30ec0c2b2000f4586b03a0b.

Michal's patch will need to be removed (patch -R) before application.

Regards,
Nic.

+------ Nic Bellamy <nic.bat_private> -----+
| UN*X Programmer, The Internet Group (NZ). |
|          http://www.ihug.co.nz/           |
+-------------------------------------------+

[Attachment: MaxHeaderLines.diff, base64-encoded]
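Added example, not part of the message above or of the attached patch: a minimal C sketch of the kind of check a `MaxHeaderLines`-style cap implies, counting header lines as they are read and stopping at the limit before any further header parsing is done. The function and enum names, the treatment of a non-positive limit as "no limit", and the choice to count physical lines (continuation lines included) are assumptions of this sketch.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

enum hdr_scan { HDR_OK = 0, HDR_TOO_MANY = 1 };   /* hypothetical names */

/* Constructed sample: three physical header lines (the third is a
 * continuation of Subject), a blank separator line, then the body. */
static const char SAMPLE[] =
    "From: a@example.org\r\n"
    "Subject: test\r\n"
    "\tcontinued\r\n"
    "\r\n"
    "body\r\n";

/* Count header lines in msg[0..len) and stop once the count exceeds
 * max_lines, so an oversized header block costs at most max_lines + 1
 * line reads. max_lines <= 0 disables the cap (assumption of this sketch).
 * On HDR_OK, *body_off is the offset of the first body byte (len if none). */
enum hdr_scan scan_headers(const char *msg, size_t len, int max_lines,
                           int *lines, size_t *body_off)
{
    size_t pos = 0;
    *lines = 0;
    *body_off = len;
    while (pos < len) {
        const char *nl = memchr(msg + pos, '\n', len - pos);
        size_t end = nl ? (size_t)(nl - msg) : len;   /* index of '\n' or EOF */
        size_t next = nl ? end + 1 : len;
        size_t linelen = end - pos;
        if (linelen > 0 && msg[end - 1] == '\r')
            linelen--;                      /* tolerate CRLF line endings */
        if (linelen == 0) {                 /* blank line: headers are over */
            *body_off = next;
            return HDR_OK;
        }
        if (++*lines > max_lines && max_lines > 0)
            return HDR_TOO_MANY;            /* reject before parsing further */
        pos = next;
    }
    return HDR_OK;                          /* headers only, no body */
}

int main(void)
{
    int n; size_t off;
    enum hdr_scan r = scan_headers(SAMPLE, sizeof SAMPLE - 1, 2, &n, &off);
    printf("limit 2: %s after %d lines\n", r == HDR_OK ? "ok" : "too many", n);
    return 0;
}
```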