CVSROOT: /cvs
Module name: src
Changes by: gil...@cvs.openbsd.org 2009/11/05 16:30:01
Modified files:
usr.sbin/smtpd : smtp_session.c
Log message:
evbuffer_readline() assumes end of line to be \r, \n, \r\n, \n\r or \r\r.
smtp protocol expects lines to end with \r\n.
if a client sends a very long line which is unfortunately read up to \r,
evbuffer_readline() will return the line, then will detect another line
when the buffer is filled again and starts with \n, returning again with
an empty line. this is a bug which trigger very rarely and usually shows
up as an empty line in the middle of headers, causing all subsequent
headers to appear as part of the body to most mail user agents.
upstream fixes this with evbuffer_readln() in version 2.0 of libevent, a
mail will be sent to see if they can backport it, meanwhile we fix it by
introducing evbuffer_readln_crlf().
discussed with and ok jacekm@
