Hello everyone,
These days you can read dozens of articles that implicitly claim that
the following code will produce more than one mail message at a time
if used by a malicious user.
I doubt that it is true, but I'd like to ask here, because you know
your MTA better than I. The C code to access postdrop/sendmail is the
following:
    ...
    errno = 0;
    sendmail = popen(sendmail_cmd, "w");
    if (sendmail) {
        ...
        fprintf(sendmail, "To: %s\n", to);
        fprintf(sendmail, "Subject: %s\n", subject);
        if (hdr != NULL) {
            fprintf(sendmail, "%s\n", hdr);
        }
        fprintf(sendmail, "\n%s\n", message);
        ret = pclose(sendmail);
        ...
Let's assume that a pipe has been opened successfully to sendmail.
Now some say that if the content of hdr can be manipulated so that
it contains something like the following, it would make sendmail (and
other MTAs) produce *two* messages (because of the dot, which indeed
is an indicator of the end of a message for SMTP in RFC 2821). But if I
am right, we do not "talk" SMTP here.
In their imagination the content could be e.g.
    To: some...@somewhere
    Subject: inquiry
    From: f...@addresse
    To: s...@opfer.de
    BCC: s...@opfer2.de, s...@opfer3.de, s...@opfer999.de
    Subject: Buy cheap Viagra!
    Buy cheap Viagra and Vicodine here: http://spamsite.com/
    .
    [headers for message 2]
    Hello,
    I have a question.
    .
I am not asking about the possibility of multiple copies caused by the
Bcc header field, but only whether a single dot on one line followed by
CRLF or LF will make sendmail send two different messages.
Has postdrop/sendmail ever been prone to that in earlier versions?
BTW: I think it is important to be security aware and I do not want to
ridicule concerns regarding secure software and also not those who
publish that.
Best regards,
Oliver Block
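
Added example, not part of the original post and not code from sendmail or Postfix: one way the caller of the quoted popen() code could validate to, subject and hdr before writing them to the pipe. The function names are hypothetical and the sample header string is constructed; the lone-dot rule relies on sendmail's documented -i option, without which a line holding only a dot ends the input.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Single-line values (to, subject): a CR or LF would start a new line. */
int single_line_ok(const char *v)
{
    return v != NULL && strpbrk(v, "\r\n") == NULL;
}

/* One line of an extra-header block: "Name: value" or a folded continuation. */
static int header_line_ok(const char *line, size_t len, int first)
{
    size_t i;
    if (len == 0 || (len == 1 && line[0] == '.'))
        return 0;   /* empty line ends the headers; lone dot ends input without -i */
    if (line[0] == ' ' || line[0] == '\t')
        return !first;              /* a continuation needs a preceding header line */
    for (i = 0; i < len && line[i] != ':'; i++)
        if ((unsigned char)line[i] <= 32 || (unsigned char)line[i] >= 127)
            return 0;               /* field names are printable ASCII without spaces */
    return i > 0 && i < len;        /* non-empty name followed by ':' */
}

/* Validate a multi-line header block such as hdr before it is written. */
int header_block_ok(const char *hdr)
{
    int first = 1;
    if (hdr == NULL || *hdr == '\0')
        return 0;
    for (const char *p = hdr; *p != '\0'; first = 0) {
        size_t len = strcspn(p, "\n"), body = len;
        if (body > 0 && p[body - 1] == '\r')
            body--;                 /* accept CRLF line ends */
        if (memchr(p, '\r', body) != NULL || !header_line_ok(p, body, first))
            return 0;               /* bare CR or malformed line */
        p += len + (p[len] == '\n');
    }
    return 1;
}

int main(void)
{
    /* Constructed sample modelled on the post: header, blank line, body, lone dot. */
    const char *hdr = "From: f@example.invalid\n\nBuy now\n.";
    printf("hdr accepted: %d\n", header_block_ok(hdr));
    return 0;
}
```

A caller would skip the popen() call when any check fails. The block check does not restrict which header names appear, so fields such as Bcc still need their own allow-list.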