Path: utzoo!attcan!utgpu!jarvis.csri.toronto.edu!mailrus!cwjcc!ukma!gatech!rayssd!gmp
From: gmp@rayssd.ray.com (Gregory M. Paris)
Newsgroups: comp.mail.sendmail
Subject: sendmail core dump bugfix
Keywords: null pointer dereference
Message-ID: <10325@rayssd.ray.com>
Date: 20 Sep 89 15:31:08 GMT
Sender: gmp@rayssd.ray.com (Gregory M. Paris @ Raytheon Company, Portsmouth RI)
Reply-To: gmp@rayssd.RAY.COM (Greg Paris)
Organization: Raytheon Submarine Signal Division
Lines: 37

The following patch fixes a bug that's present in every version of sendmail
that I've seen.  In the routine smtpquit, smtpmessage is called with two
arguments, "QUIT" and 0.  The second argument is supposed to be a structure
pointer, which is dereferenced in smtpmessage.  This causes a coredump on
a fairly regular basis, but in any case does not achieve the desired result,
which is to have the QUIT command be followed by the proper end of line
sequence.  The patch below (made to a 5.61 derivative) causes the sequence
<carriage-return><linefeed> to be sent when the pointer is zero.

------- usersmtp.c -------
*** -	Wed Sep 20 11:21:14 1989
--- usersmtp.c	Wed Sep 20 11:20:59 1989
***************
*** 498,504 ****
  	if (tTd(18, 1) || (Verbose && !HoldErrs))
  		nmessage(Arpa_Info, ">>> %s", SmtpMsgBuffer);
  	if (SmtpOut != NULL)
! 		fprintf(SmtpOut, "%s%s", SmtpMsgBuffer, m->m_eol);
  }
  
  # endif SMTP
--- 498,505 ----
  	if (tTd(18, 1) || (Verbose && !HoldErrs))
  		nmessage(Arpa_Info, ">>> %s", SmtpMsgBuffer);
  	if (SmtpOut != NULL)
! 		fprintf(SmtpOut, "%s%s", SmtpMsgBuffer,
! 			m == 0 ? "\r\n" : m->m_eol);
  }
  
  # endif SMTP


##
-- 
Greg Paris <gmp@ray.com>
{decuac,necntc,uiucdcs,uunet}!rayssd!gmp
Everything seems to be up in the air at this point.