*** RELEASE_NOTES.OLD	Sat Feb 11 08:50:50 1995
--- RELEASE_NOTES	Fri Feb 10 09:55:32 1995
***************
*** 1,10 ****
  			SENDMAIL RELEASE NOTES
! 	     @(#)RELEASE_NOTES	8.6.9.2 (Berkeley) 4/19/94
  
  This listing shows the version of the sendmail binary, the version
  of the sendmail configuration files, the date of release, and a
  summary of the changes in that release.
  
  8.6.9/8.6.9	94/04/19
  	Do all mail delivery completely disconnected from any terminal.
  		This provides consistency with daemon delivery and
--- 1,52 ----
  			SENDMAIL RELEASE NOTES
! 	     @(#)RELEASE_NOTES	8.6.10.2 (Berkeley) 2/10/95
  
  This listing shows the version of the sendmail binary, the version
  of the sendmail configuration files, the date of release, and a
  summary of the changes in that release.
  
+ 8.6.10/8.6.10	95/02/10
+ 	SECURITY: Diagnose bogus values to some command line flags that
+ 		could allow trash to get into headers and qf files.
+ 	Validate the name of the user returned by the IDENT protocol.
+ 		Some systems that really dislike IDENT send intentionally
+ 		bogus information.  Problem pointed out by Michael Bushnell
+ 		of the Free Software Foundation.  Has some security
+ 		implications.
+ 	Fix a problem causing error messages about DNS problems when
+ 		the host name contained a percent sign to act oddly
+ 		because it was passed as a printf-style format string.
+ 		In some cases this could cause core dumps.
+ 	Avoid possible buffer overrun in returntosender() if error
+ 		message is quite ling.  From Fletcher Mattox of the
+ 		University of Texas.
+ 	Fix a problem that would silently drop "too many hops" error
+ 		messages if and only if you were sending to an alias.
+ 		From Jon Giltner of the University of Colorado and
+ 		Dan Harton of Oak Ridge National Laboratory.
+ 	Fix a bug that caused core dumps on some systems if -d11.2 was
+ 		set and e->e_message was null.  Fix from Bruce Nagel of
+ 		Data General.
+ 	Fix problem that can still cause df files to be left around
+ 		after "hop count exceeded" messages.  Fix from Andrew
+ 		Chang and Shau-Ping Lo of SunSoft.
+ 	Fix a problem that can cause buffer overflows on very long
+ 		user names (as might occur if you piped to a program
+ 		with a lot of arguments).
+ 	Avoid returning an error and re-queueing if the host signature
+ 		is null; this can occur on addresses like ``user@.''.
+ 		Problem noted by Wesley Craig and the University of
+ 		Michigan.
+ 	Avoid possible calls to malloc(0) if MCI caching is turned
+ 		off.  Bug fix from Pierre David of the Laboratoire
+ 		Parallelisme, Reseaux, Systemes et Modelisation (PRiSM),
+ 		Universite de Versailles - St Quentin, and Jacky
+ 		Thibault.
+ 	Make a local copy of the line being sent via senttolist() -- in
+ 		some cases, buffers could get trashed by map lookups
+ 		causing it to do unexpected things.  This also simplifies
+ 		some of the map code.
+ 
  8.6.9/8.6.9	94/04/19
  	Do all mail delivery completely disconnected from any terminal.
  		This provides consistency with daemon delivery and
***************
*** 25,31 ****
  		sendmail -bs from inetd.  Based on code contributed by
  		Todd Miller (this problem was also reported by Guy Helmer
  		of Dakota State University).  This also fixes a related
! 		problem reported by Liudvikas Bukys of Rochester University.
  	Parameterize "nroff -h" in all the Makefiles so people with
  		variant versions can use them easily.  Suggested by
  		Peter Collinson of Hillside Systems.
--- 67,74 ----
  		sendmail -bs from inetd.  Based on code contributed by
  		Todd Miller (this problem was also reported by Guy Helmer
  		of Dakota State University).  This also fixes a related
! 		problem reported by Liudvikas Bukys of the University of
! 		Rochester.
  	Parameterize "nroff -h" in all the Makefiles so people with
  		variant versions can use them easily.  Suggested by
  		Peter Collinson of Hillside Systems.
***************
*** 418,424 ****
  		when sending error messages.  This resulted in
  		"unexpected close" messages.  It should fix itself
  		on the following queue run.  Problem noted by
! 		Liudvikas Bukys of Rochester University.
  	Include $k in $=k as documented in the Install & Op Guide.
  		This seems odd, but it was documented....  From
  		Michael Corrigan of UCSD.
--- 461,467 ----
  		when sending error messages.  This resulted in
  		"unexpected close" messages.  It should fix itself
  		on the following queue run.  Problem noted by
! 		Liudvikas Bukys of the University of Rochester.
  	Include $k in $=k as documented in the Install & Op Guide.
  		This seems odd, but it was documented....  From
  		Michael Corrigan of UCSD.
*** cf/m4/version.m4.OLD	Fri Feb 10 08:20:27 1995
--- cf/m4/version.m4	Fri Feb 10 08:14:41 1995
***************
*** 32,39 ****
  # OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  # SUCH DAMAGE.
  #
! VERSIONID(`@(#)version.m4	8.6.9.1 (Berkeley) 4/18/94')
  #
  divert(0)
  # Configuration version number
! DZ8.6.9
--- 32,39 ----
  # OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  # SUCH DAMAGE.
  #
! VERSIONID(`@(#)version.m4	8.6.10.1 (Berkeley) 2/10/95')
  #
  divert(0)
  # Configuration version number
! DZ8.6.10
*** src/daemon.c.OLD	Thu Feb  9 12:37:25 1995
--- src/daemon.c	Thu Feb  9 17:28:51 1995
***************
*** 37,45 ****
  
  #ifndef lint
  #ifdef DAEMON
! static char sccsid[] = "@(#)daemon.c	8.48 (Berkeley) 4/18/94 (with daemon mode)";
  #else
! static char sccsid[] = "@(#)daemon.c	8.48 (Berkeley) 4/18/94 (without daemon mode)";
  #endif
  #endif /* not lint */
  
--- 37,45 ----
  
  #ifndef lint
  #ifdef DAEMON
! static char sccsid[] = "@(#)daemon.c	8.48.1.2 (Berkeley) 2/9/95 (with daemon mode)";
  #else
! static char sccsid[] = "@(#)daemon.c	8.48.1.2 (Berkeley) 2/9/95 (without daemon mode)";
  #endif
  #endif /* not lint */
  
***************
*** 1122,1130 ****
  	while (isascii(*++p) && isspace(*p))
  		continue;
  
! 	/* p now points to the authenticated name */
! 	(void) sprintf(hbuf, "%s@%s",
! 		p, RealHostName == NULL ? "localhost" : RealHostName);
  	goto finish;
  
  closeident:
--- 1122,1132 ----
  	while (isascii(*++p) && isspace(*p))
  		continue;
  
! 	/* p now points to the authenticated name -- copy carefully */
! 	cleanstrcpy(hbuf, p, MAXNAME);
! 	i = strlen(hbuf);
! 	hbuf[i++] = '@';
! 	strcpy(&hbuf[i], RealHostName == NULL ? "localhost" : RealHostName);
  	goto finish;
  
  closeident:
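Review bot: The host part is still appended with an unbounded `strcpy` at `strcpy(&hbuf[i], ...)`, so only the IDENT user name is length-limited by `cleanstrcpy(hbuf, p, MAXNAME)`. The declaration of `hbuf` is outside this hunk; if it is not at least `2 * MAXNAME + 2` bytes, a long `RealHostName` can still run past the end. I would bound the second copy as well, e.g. `(void) sprintf(&hbuf[i], "%.*s", MAXNAME, RealHostName == NULL ? "localhost" : RealHostName);`. The enclosing function begins and ends outside the hunk, so the declaration of `i` should be checked there too.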
*** src/deliver.c.OLD	Thu Feb  9 12:37:29 1995
--- src/deliver.c	Fri Feb 10 07:38:10 1995
***************
*** 33,39 ****
   */
  
  #ifndef lint
! static char sccsid[] = "@(#)deliver.c	8.82 (Berkeley) 4/18/94";
  #endif /* not lint */
  
  #include "sendmail.h"
--- 33,39 ----
   */
  
  #ifndef lint
! static char sccsid[] = "@(#)deliver.c	8.84.1.1 (Berkeley) 2/10/95";
  #endif /* not lint */
  
  #include "sendmail.h"
***************
*** 124,129 ****
--- 124,130 ----
  	if (e->e_hopcount > MaxHopCount)
  	{
  		errno = 0;
+ 		queueup(e, TRUE, announcequeueup);
  		e->e_flags |= EF_FATALERRS|EF_PM_NOTIFY|EF_CLRQUEUE;
  		syserr("554 too many hops %d (%d max): from %s via %s, to %s",
  			e->e_hopcount, MaxHopCount, e->e_from.q_paddr,
***************
*** 1005,1011 ****
  		if (curhost == NULL || curhost[0] == '\0')
  		{
  			syserr("null host signature for %s", pv[1]);
! 			rcode = EX_OSERR;
  			goto give_up;
  		}
  
--- 1006,1012 ----
  		if (curhost == NULL || curhost[0] == '\0')
  		{
  			syserr("null host signature for %s", pv[1]);
! 			rcode = EX_CONFIG;
  			goto give_up;
  		}
  
***************
*** 1726,1732 ****
  	else if (stat == EX_NOHOST && h_errno != 0)
  	{
  		statmsg = errstring(h_errno + E_DNSBASE);
! 		(void) sprintf(buf, "%s (%s)", SysExMsg[i], statmsg);
  		statmsg = buf;
  	}
  #endif
--- 1727,1733 ----
  	else if (stat == EX_NOHOST && h_errno != 0)
  	{
  		statmsg = errstring(h_errno + E_DNSBASE);
! 		(void) sprintf(buf, "%s (%s)", SysExMsg[i] + 1, statmsg);
  		statmsg = buf;
  	}
  #endif
***************
*** 1754,1761 ****
  	}
  	else
  	{
  		Errors++;
! 		usrerr(statmsg, errstring(errno));
  	}
  
  	/*
--- 1755,1765 ----
  	}
  	else
  	{
+ 		char mbuf[8];
+ 
  		Errors++;
! 		sprintf(mbuf, "%.3s %%s", statmsg);
! 		usrerr(mbuf, &statmsg[4]);
  	}
  
  	/*
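Review bot: `&statmsg[4]` assumes that statmsg always holds a three-digit code, a separator and then text, but nothing in the visible lines checks that it is at least four characters long. If a shorter string can reach this branch (the assignments to statmsg are outside the hunk), the pointer lands past the terminating NUL. A guard keeps the format-string fix intact: `usrerr(mbuf, strlen(statmsg) > 4 ? &statmsg[4] : "");`. The `sprintf` into `mbuf[8]` itself fits, since `"%.3s %%s"` produces at most seven bytes including the NUL.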
***************
*** 1770,1776 ****
  
  	if (tTd(11, 2))
  		printf("giveresponse: stat=%d, e->e_message=%s\n",
! 			stat, e->e_message);
  
  	if (stat != EX_TEMPFAIL)
  		setstat(stat);
--- 1774,1780 ----
  
  	if (tTd(11, 2))
  		printf("giveresponse: stat=%d, e->e_message=%s\n",
! 			stat, e->e_message == NULL ? "<NULL>" : e->e_message);
  
  	if (stat != EX_TEMPFAIL)
  		setstat(stat);
*** src/main.c.OLD	Thu Feb  9 12:21:45 1995
--- src/main.c	Fri Feb 10 09:40:49 1995
***************
*** 39,45 ****
  #endif /* not lint */
  
  #ifndef lint
! static char sccsid[] = "@(#)main.c	8.55 (Berkeley) 4/15/94";
  #endif /* not lint */
  
  #define	_DEFINE
--- 39,45 ----
  #endif /* not lint */
  
  #ifndef lint
! static char sccsid[] = "@(#)main.c	8.55.1.3 (Berkeley) 2/10/95";
  #endif /* not lint */
  
  #define	_DEFINE
***************
*** 463,469 ****
  			break;
  
  		  case 'B':	/* body type */
! 			CurEnv->e_bodytype = newstr(optarg);
  			break;
  
  		  case 'C':	/* select configuration file (already done) */
--- 463,473 ----
  			break;
  
  		  case 'B':	/* body type */
! 			if (strcasecmp(optarg, "7bit") == 0 ||
! 			    strcasecmp(optarg, "8bitmime") == 0)
! 				CurEnv->e_bodytype = newstr(optarg);
! 			else
! 				usrerr("Illegal body type %s", optarg);
  			break;
  
  		  case 'C':	/* select configuration file (already done) */
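Review bot: The rejection path for `-B` calls `usrerr` and then falls through to `break` without setting an exit status. The `-f` case visible in the next hunk sets `ExitStat = EX_USAGE;` before its `break`. Unless `usrerr` sets ExitStat itself (not visible here), I would make the two error paths consistent by bracing the else branch and adding `ExitStat = EX_USAGE;` after the `usrerr("Illegal body type %s", optarg);` call.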
***************
*** 486,492 ****
  				ExitStat = EX_USAGE;
  				break;
  			}
! 			from = newstr(optarg);
  			if (strcmp(RealUserName, from) != 0)
  				warn_f_flag = j;
  			break;
--- 490,496 ----
  				ExitStat = EX_USAGE;
  				break;
  			}
! 			from = newstr(denlstring(optarg));
  			if (strcmp(RealUserName, from) != 0)
  				warn_f_flag = j;
  			break;
***************
*** 516,526 ****
  		  case 'p':	/* set protocol */
  			p = strchr(optarg, ':');
  			if (p != NULL)
  				*p++ = '\0';
  			if (*optarg != '\0')
! 				define('r', newstr(optarg), CurEnv);
! 			if (p != NULL && *p != '\0')
! 				define('s', newstr(p), CurEnv);
  			break;
  
  		  case 'q':	/* run queue files at intervals */
--- 520,540 ----
  		  case 'p':	/* set protocol */
  			p = strchr(optarg, ':');
  			if (p != NULL)
+ 			{
  				*p++ = '\0';
+ 				if (*p != '\0')
+ 				{
+ 					ep = xalloc(strlen(p) + 1);
+ 					cleanstrcpy(ep, p, MAXNAME);
+ 					define('s', ep, CurEnv);
+ 				}
+ 			}
  			if (*optarg != '\0')
! 			{
! 				ep = xalloc(strlen(optarg) + 1);
! 				cleanstrcpy(ep, optarg, MAXNAME);
! 				define('r', ep, CurEnv);
! 			}
  			break;
  
  		  case 'q':	/* run queue files at intervals */
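Review bot: Both `cleanstrcpy(ep, ..., MAXNAME)` calls pass MAXNAME as the "space available" argument, but `ep` was allocated with `strlen(...) + 1` bytes, which can be smaller than MAXNAME. This is safe only because cleanstrcpy (added in util.c) copies at most one byte per source byte, so the argument acts as a cap rather than as the buffer size. A comment should say so, e.g. `/* cleanstrcpy writes at most strlen(src)+1 bytes; MAXNAME is only a cap */`. The same pattern appears in the readcf.c `case 'M'` hunk, which additionally passes the same pointer as source and destination and relies on the write pointer never overtaking the read pointer. `ep` is declared outside this hunk.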
***************
*** 713,718 ****
--- 727,736 ----
  		FullName = NULL;
  		break;
  	}
+ 
+ 	/* full names can't have newlines */
+ 	if (FullName != NULL && strchr(FullName, '\n') != NULL)
+ 		FullName = newstr(denlstring(FullName));
  
  	/* do heuristic mode adjustment */
  	if (Verbose)
*** src/map.c.OLD	Fri Feb 10 07:51:55 1995
--- src/map.c	Fri Feb 10 07:51:42 1995
***************
*** 33,39 ****
   */
  
  #ifndef lint
! static char sccsid[] = "@(#)map.c	8.25 (Berkeley) 4/17/94";
  #endif /* not lint */
  
  #include "sendmail.h"
--- 33,39 ----
   */
  
  #ifndef lint
! static char sccsid[] = "@(#)map.c	8.25.1.1 (Berkeley) 2/10/95";
  #endif /* not lint */
  
  #include "sendmail.h"
***************
*** 189,208 ****
  **		av -- arguments to interpolate into buf.
  **
  **	Returns:
! **		Pointer to rewritten result.
  **
  **	Side Effects:
  **		none.
  */
  
- struct rwbuf
- {
- 	int	rwb_len;	/* size of buffer */
- 	char	*rwb_buf;	/* ptr to buffer */
- };
- 
- struct rwbuf	RwBufs[2];	/* buffers for rewriting output */
- 
  char *
  map_rewrite(map, s, slen, av)
  	register MAP *map;
--- 189,201 ----
  **		av -- arguments to interpolate into buf.
  **
  **	Returns:
! **		Pointer to rewritten result.  This is static data that
! **		should be copied if it is to be saved!
  **
  **	Side Effects:
  **		none.
  */
  
  char *
  map_rewrite(map, s, slen, av)
  	register MAP *map;
***************
*** 214,222 ****
  	register char c;
  	char **avp;
  	register char *ap;
- 	register struct rwbuf *rwb;
  	int i;
  	int len;
  
  	if (tTd(39, 1))
  	{
--- 207,216 ----
  	register char c;
  	char **avp;
  	register char *ap;
  	int i;
  	int len;
+ 	static int buflen = -1;
+ 	static char *buf = NULL;
  
  	if (tTd(39, 1))
  	{
***************
*** 231,240 ****
  		printf("\n");
  	}
  
- 	rwb = RwBufs;
- 	if (av == NULL)
- 		rwb++;
- 
  	/* count expected size of output (can safely overestimate) */
  	i = len = slen;
  	if (av != NULL)
--- 225,230 ----
***************
*** 258,273 ****
  	}
  	if (map->map_app != NULL)
  		len += strlen(map->map_app);
! 	if (rwb->rwb_len < ++len)
  	{
  		/* need to malloc additional space */
! 		rwb->rwb_len = len;
! 		if (rwb->rwb_buf != NULL)
! 			free(rwb->rwb_buf);
! 		rwb->rwb_buf = xalloc(rwb->rwb_len);
  	}
  
! 	bp = rwb->rwb_buf;
  	if (av == NULL)
  	{
  		bcopy(s, bp, slen);
--- 248,263 ----
  	}
  	if (map->map_app != NULL)
  		len += strlen(map->map_app);
! 	if (buflen < ++len)
  	{
  		/* need to malloc additional space */
! 		buflen = len;
! 		if (buf != NULL)
! 			free(buf);
! 		buf = xalloc(buflen);
  	}
  
! 	bp = buf;
  	if (av == NULL)
  	{
  		bcopy(s, bp, slen);
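Review bot: Because map_rewrite now has a single static `buf` that is freed and reallocated on growth (`free(buf); buf = xalloc(buflen);`), any pointer returned by an earlier call can dangle after the next call, not merely hold overwritten contents. The removed code kept separate buffers for the `av == NULL` and `av != NULL` cases, so a caller that held one result of each kind used to be safe and no longer is. Callers outside this diff need auditing for that pattern. The updated header comment documents the copy requirement but still says "Side Effects: none"; I would change that to `**		Overwrites (and may free) the buffer returned by the previous call.`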
***************
*** 307,314 ****
  	else
  		*bp = '\0';
  	if (tTd(39, 1))
! 		printf("map_rewrite => %s\n", rwb->rwb_buf);
! 	return rwb->rwb_buf;
  }
  /*
  **  INITMAPS -- initialize for aliasing
--- 297,304 ----
  	else
  		*bp = '\0';
  	if (tTd(39, 1))
! 		printf("map_rewrite => %s\n", buf);
! 	return buf;
  }
  /*
  **  INITMAPS -- initialize for aliasing
*** src/mci.c.OLD	Thu Feb  9 12:22:01 1995
--- src/mci.c	Thu Feb  9 12:50:26 1995
***************
*** 33,39 ****
   */
  
  #ifndef lint
! static char sccsid[] = "@(#)mci.c	8.13 (Berkeley) 4/12/94";
  #endif /* not lint */
  
  #include "sendmail.h"
--- 33,39 ----
   */
  
  #ifndef lint
! static char sccsid[] = "@(#)mci.c	8.14 (Berkeley) 5/15/94";
  #endif /* not lint */
  
  #include "sendmail.h"
***************
*** 83,94 ****
  	register MCI **mcislot;
  	extern MCI **mci_scan();
  
- 	if (MaxMciCache <= 0)
- 	{
- 		/* we don't support caching */
- 		return;
- 	}
- 
  	/*
  	**  Find the best slot.  This may cause expired connections
  	**  to be closed.
--- 83,88 ----
***************
*** 95,100 ****
--- 89,99 ----
  	*/
  
  	mcislot = mci_scan(mci);
+ 	if (mcislot == NULL)
+ 	{
+ 		/* we don't support caching */
+ 		return;
+ 	}
  
  	/* if this is already cached, we are done */
  	if (bitset(MCIF_CACHED, mci->mci_flags))
***************
*** 136,141 ****
--- 135,146 ----
  	register MCI *mci;
  	register int i;
  
+ 	if (MaxMciCache <= 0)
+ 	{
+ 		/* we don't support caching */
+ 		return NULL;
+ 	}
+ 
  	if (MciCache == NULL)
  	{
  		/* first call */
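Review bot: mci_scan can now return NULL when `MaxMciCache <= 0`, which is a new contract for every caller. The two callers touched by this diff handle it (mci_cache tests `mcislot == NULL`, mci_get discards the result), but callers outside the diff are not visible and should be checked. The function's header comment, which is outside the hunk, should gain a line such as `**		NULL if connection caching is disabled.` under Returns.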
***************
*** 267,272 ****
--- 272,278 ----
  {
  	register MCI *mci;
  	register STAB *s;
+ 	extern MCI **mci_scan();
  
  #ifdef DAEMON
  	extern SOCKADDR CurHostAddr;
***************
*** 276,282 ****
  #endif
  
  	/* clear out any expired connections */
! 	mci_scan(NULL);
  
  	if (m->m_mno < 0)
  		syserr("negative mno %d (%s)", m->m_mno, m->m_name);
--- 282,288 ----
  #endif
  
  	/* clear out any expired connections */
! 	(void) mci_scan(NULL);
  
  	if (m->m_mno < 0)
  		syserr("negative mno %d (%s)", m->m_mno, m->m_name);
*** src/queue.c.OLD	Thu Feb  9 12:21:58 1995
--- src/queue.c	Fri Feb 10 07:38:11 1995
***************
*** 36,44 ****
  
  #ifndef lint
  #ifdef QUEUE
! static char sccsid[] = "@(#)queue.c	8.41 (Berkeley) 4/18/94 (with queueing)";
  #else
! static char sccsid[] = "@(#)queue.c	8.41 (Berkeley) 4/18/94 (without queueing)";
  #endif
  #endif /* not lint */
  
--- 36,44 ----
  
  #ifndef lint
  #ifdef QUEUE
! static char sccsid[] = "@(#)queue.c	8.41.1.1 (Berkeley) 2/10/95 (with queueing)";
  #else
! static char sccsid[] = "@(#)queue.c	8.41.1.1 (Berkeley) 2/10/95 (without queueing)";
  #endif
  #endif /* not lint */
  
***************
*** 210,216 ****
  
  	/* message from envelope, if it exists */
  	if (e->e_message != NULL)
! 		fprintf(tfp, "M%s\n", e->e_message);
  
  	/* send various flag bits through */
  	p = buf;
--- 210,216 ----
  
  	/* message from envelope, if it exists */
  	if (e->e_message != NULL)
! 		fprintf(tfp, "M%s\n", denlstring(e->e_message));
  
  	/* send various flag bits through */
  	p = buf;
***************
*** 224,237 ****
  
  	/* $r and $s and $_ macro values */
  	if ((p = macvalue('r', e)) != NULL)
! 		fprintf(tfp, "$r%s\n", p);
  	if ((p = macvalue('s', e)) != NULL)
! 		fprintf(tfp, "$s%s\n", p);
  	if ((p = macvalue('_', e)) != NULL)
! 		fprintf(tfp, "$_%s\n", p);
  
  	/* output name of sender */
! 	fprintf(tfp, "S%s\n", e->e_from.q_paddr);
  
  	/* output list of error recipients */
  	printctladdr(NULL, NULL);
--- 224,237 ----
  
  	/* $r and $s and $_ macro values */
  	if ((p = macvalue('r', e)) != NULL)
! 		fprintf(tfp, "$r%s\n", denlstring(p));
  	if ((p = macvalue('s', e)) != NULL)
! 		fprintf(tfp, "$s%s\n", denlstring(p));
  	if ((p = macvalue('_', e)) != NULL)
! 		fprintf(tfp, "$_%s\n", denlstring(p));
  
  	/* output name of sender */
! 	fprintf(tfp, "S%s\n", denlstring(e->e_from.q_paddr));
  
  	/* output list of error recipients */
  	printctladdr(NULL, NULL);
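Review bot: `denlstring(e->e_from.q_paddr)` is called without a NULL check, and denlstring (added in util.c) begins with `strchr(s, '\n')`, which dereferences its argument unconditionally. The macro values and e_message are tested for NULL before the call, but the q_paddr arguments here and in the following hunks (`E%s`, `R%s`, `C%s:%s`) are not. Whether q_paddr can be NULL at these points is not visible; if it can, the old code's `fprintf("%s", NULL)` is replaced by a crash inside strchr. Making the helper tolerant preserves the previous behaviour: `if (s == NULL || strchr(s, '\n') == NULL) return s;`.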
***************
*** 240,246 ****
  		if (!bitset(QDONTSEND|QBADADDR, q->q_flags))
  		{
  			printctladdr(q, tfp);
! 			fprintf(tfp, "E%s\n", q->q_paddr);
  		}
  	}
  
--- 240,246 ----
  		if (!bitset(QDONTSEND|QBADADDR, q->q_flags))
  		{
  			printctladdr(q, tfp);
! 			fprintf(tfp, "E%s\n", denlstring(q->q_paddr));
  		}
  	}
  
***************
*** 251,257 ****
  		    (queueall && !bitset(QDONTSEND|QBADADDR|QSENT, q->q_flags)))
  		{
  			printctladdr(q, tfp);
! 			fprintf(tfp, "R%s\n", q->q_paddr);
  			if (announce)
  			{
  				e->e_to = q->q_paddr;
--- 251,257 ----
  		    (queueall && !bitset(QDONTSEND|QBADADDR|QSENT, q->q_flags)))
  		{
  			printctladdr(q, tfp);
! 			fprintf(tfp, "R%s\n", denlstring(q->q_paddr));
  			if (announce)
  			{
  				e->e_to = q->q_paddr;
***************
*** 427,433 ****
  	else
  		uname = pw->pw_name;
  
! 	fprintf(tfp, "C%s:%s\n", uname, a->q_paddr);
  }
  
  /*
--- 427,433 ----
  	else
  		uname = pw->pw_name;
  
! 	fprintf(tfp, "C%s:%s\n", uname, denlstring(a->q_paddr));
  }
  
  /*
*** src/readcf.c.OLD	Thu Feb  9 12:37:27 1995
--- src/readcf.c	Fri Feb 10 07:45:09 1995
***************
*** 33,39 ****
   */
  
  #ifndef lint
! static char sccsid[] = "@(#)readcf.c	8.23 (Berkeley) 3/18/94";
  #endif /* not lint */
  
  # include "sendmail.h"
--- 33,39 ----
   */
  
  #ifndef lint
! static char sccsid[] = "@(#)readcf.c	8.23.1.2 (Berkeley) 2/10/95";
  #endif /* not lint */
  
  # include "sendmail.h"
***************
*** 1300,1306 ****
  		break;
  
  	  case 'M':		/* define macro */
! 		define(val[0], newstr(&val[1]), CurEnv);
  		sticky = FALSE;
  		break;
  
--- 1300,1309 ----
  		break;
  
  	  case 'M':		/* define macro */
! 		p = newstr(&val[1]);
! 		if (!safe)
! 			cleanstrcpy(p, p, MAXNAME);
! 		define(val[0], p, CurEnv);
  		sticky = FALSE;
  		break;
  
*** src/recipient.c.OLD	Thu Feb  9 12:21:42 1995
--- src/recipient.c	Mon Feb 20 17:31:39 1995
***************
*** 33,39 ****
   */
  
  #ifndef lint
! static char sccsid[] = "@(#)recipient.c	8.44 (Berkeley) 2/28/94";
  #endif /* not lint */
  
  # include "sendmail.h"
--- 33,39 ----
   */
  
  #ifndef lint
! static char sccsid[] = "@(#)recipient.c	8.44.1.4 (Berkeley) 2/20/95";
  #endif /* not lint */
  
  # include "sendmail.h"
***************
*** 75,81 ****
--- 75,84 ----
  	bool firstone;		/* set on first address sent */
  	char delimiter;		/* the address delimiter */
  	int naddrs;
+ 	int i;
  	char *oldto = e->e_to;
+ 	char *bufp;
+ 	char buf[MAXNAME + 1];
  
  	if (list == NULL)
  	{
***************
*** 102,108 ****
  	al = NULL;
  	naddrs = 0;
  
! 	for (p = list; *p != '\0'; )
  	{
  		auto char *delimptr;
  		register ADDRESS *a;
--- 105,119 ----
  	al = NULL;
  	naddrs = 0;
  
! 	/* make sure we have enough space to copy the string */
! 	i = strlen(list) + 1;
! 	if (i <= sizeof buf)
! 		bufp = buf;
! 	else
! 		bufp = xalloc(i);
! 	strcpy(bufp, denlstring(list));
! 
! 	for (p = bufp; *p != '\0'; )
  	{
  		auto char *delimptr;
  		register ADDRESS *a;
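Review bot: The address list is now parsed out of `bufp`, which is either the stack array `buf` or a heap block released by the `free(bufp)` added in the next hunk, so nothing may keep a pointer into it after the function returns. The loop body is outside this hunk, so it is not visible whether the parsed ADDRESS structures or `e->e_to` retain pointers into `p`. If they do, they dangle once the function returns. Any early return between this allocation and the free would also leak the xalloc'd copy. I would add `/* bufp is released on return: the loop must copy anything it keeps */` above the `for` and confirm the parse call copies its strings.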
***************
*** 143,148 ****
--- 154,161 ----
  	}
  
  	e->e_to = oldto;
+ 	if (bufp != buf)
+ 		free(bufp);
  	return (naddrs);
  }
  /*
*** src/savemail.c.OLD	Thu Feb  9 12:37:27 1995
--- src/savemail.c	Thu Feb  9 12:24:32 1995
***************
*** 33,39 ****
   */
  
  #ifndef lint
! static char sccsid[] = "@(#)savemail.c	8.28 (Berkeley) 3/11/94";
  #endif /* not lint */
  
  # include "sendmail.h"
--- 33,39 ----
   */
  
  #ifndef lint
! static char sccsid[] = "@(#)savemail.c	8.29 (Berkeley) 5/10/94";
  #endif /* not lint */
  
  # include "sendmail.h"
***************
*** 521,527 ****
  			e->e_id, ee->e_id, msg);
  # endif
  
! 	(void) sprintf(buf, "Returned mail: %s", msg);
  	addheader("Subject", buf, ee);
  	if (SendMIMEErrors)
  	{
--- 521,527 ----
  			e->e_id, ee->e_id, msg);
  # endif
  
! 	(void) sprintf(buf, "Returned mail: %.*s", sizeof buf - 20, msg);
  	addheader("Subject", buf, ee);
  	if (SendMIMEErrors)
  	{
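Review bot: The `%.*s` precision argument must be an `int`, but `sizeof buf - 20` has type `size_t`. Passing it through varargs uncast is undefined where the two types differ in width, and the precision that is meant to stop the overrun may then be read incorrectly. The fix is a cast: `(void) sprintf(buf, "Returned mail: %.*s", (int) (sizeof buf - 20), msg);`. The declaration of `buf` is outside the hunk; the subtraction also assumes it is an array of more than 20 bytes, not a pointer.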
*** src/sendmail.h.OLD	Thu Feb  9 12:21:51 1995
--- src/sendmail.h	Fri Feb 10 07:38:06 1995
***************
*** 31,37 ****
   * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
   * SUCH DAMAGE.
   *
!  *	@(#)sendmail.h	8.43 (Berkeley) 4/14/94
   */
  
  /*
--- 31,37 ----
   * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
   * SUCH DAMAGE.
   *
!  *	@(#)sendmail.h	8.43.1.1 (Berkeley) 2/10/95
   */
  
  /*
***************
*** 41,47 ****
  # ifdef _DEFINE
  # define EXTERN
  # ifndef lint
! static char SmailSccsId[] =	"@(#)sendmail.h	8.43		4/14/94";
  # endif
  # else /*  _DEFINE */
  # define EXTERN extern
--- 41,47 ----
  # ifdef _DEFINE
  # define EXTERN
  # ifndef lint
! static char SmailSccsId[] =	"@(#)sendmail.h	8.43.1.1		2/10/95";
  # endif
  # else /*  _DEFINE */
  # define EXTERN extern
***************
*** 956,961 ****
--- 956,962 ----
  extern char		*shortenstring __P((char *, int));
  extern bool		usershellok __P((char *));
  extern void		commaize __P((HDR *, char *, int, MCI *, ENVELOPE *));
+ extern char		*denlstring __P((char *));
  
  /* ellipsis is a different case though */
  #ifdef __STDC__
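Review bot: Only denlstring gets a prototype here, while cleanstrcpy, which this patch also adds in util.c and calls from daemon.c, main.c and readcf.c, does not. Unless it is declared elsewhere (not visible), those callers use an implicit `int` declaration for a function defined as `void`, and its arguments go unchecked. I would add `extern void		cleanstrcpy __P((char *, char *, int));` next to the new denlstring line.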
*** src/util.c.OLD	Thu Feb  9 12:37:26 1995
--- src/util.c	Fri Feb 10 10:48:31 1995
***************
*** 33,39 ****
   */
  
  #ifndef lint
! static char sccsid[] = "@(#)util.c	8.39 (Berkeley) 4/14/94";
  #endif /* not lint */
  
  # include "sendmail.h"
--- 33,39 ----
   */
  
  #ifndef lint
! static char sccsid[] = "@(#)util.c	8.39.1.2 (Berkeley) 2/10/95";
  #endif /* not lint */
  
  # include "sendmail.h"
***************
*** 1464,1467 ****
--- 1464,1547 ----
  	strcpy(buf + m, "...");
  	strcpy(buf + m + 3, s + l - m);
  	return buf;
+ }
+ /*
+ **  CLEANSTRCPY -- copy string keeping out bogus characters
+ **
+ **	Parameters:
+ **		t -- "to" string.
+ **		f -- "from" string.
+ **		l -- length of space available in "to" string.
+ **
+ **	Returns:
+ **		none.
+ */
+ 
+ void
+ cleanstrcpy(t, f, l)
+ 	register char *t;
+ 	register char *f;
+ 	int l;
+ {
+ #ifdef LOG
+ 	/* check for newlines and log if necessary */
+ 	(void) denlstring(f);
+ #endif
+ 
+ 	l--;
+ 	while (l > 0 && *f != '\0')
+ 	{
+ 		if (isascii(*f) &&
+ 		    (isalnum(*f) || strchr("!#$%&'*+-./^_`{|}~", *f) != NULL))
+ 		{
+ 			l--;
+ 			*t++ = *f;
+ 		}
+ 		f++;
+ 	}
+ 	*t = '\0';
+ }
+ /*
+ **  DENLSTRING -- convert newlines in a string to spaces
+ **
+ **	Parameters:
+ **		s -- the input string
+ **
+ **	Returns:
+ **		A pointer to a version of the string with newlines
+ **		mapped to spaces.  This should be copied.
+ */
+ 
+ char *
+ denlstring(s)
+ 	char *s;
+ {
+ 	register char *p;
+ 	int l;
+ 	static char *bp = NULL;
+ 	static int bl = 0;
+ 
+ 	if (strchr(s, '\n') == NULL)
+ 		return s;
+ 
+ 	l = strlen(s) + 1;
+ 	if (bl < l)
+ 	{
+ 		/* allocate more space */
+ 		if (bp != NULL)
+ 			free(bp);
+ 		bp = xalloc(l);
+ 		bl = l;
+ 	}
+ 	strcpy(bp, s);
+ 	for (p = bp; (p = strchr(p, '\n')) != NULL; )
+ 		*p++ = ' ';
+ 
+ #ifdef LOG
+ 	p = macvalue('_', CurEnv);
+ 	syslog(LOG_ALERT, "POSSIBLE ATTACK from %s: newline in string \"%s\"",
+ 		p == NULL ? "[UNKNOWN]" : p, bp);
+ #endif
+ 
+ 	return bp;
  }
*** src/version.c.OLD	Fri Feb 10 08:17:14 1995
--- src/version.c	Thu Feb  9 12:38:27 1995
***************
*** 33,39 ****
   */
  
  #ifndef lint
! static char sccsid[] = "@(#)version.c	8.6.9.1 (Berkeley) 4/18/94";
  #endif /* not lint */
  
! char	Version[] = "8.6.9";
--- 33,39 ----
   */
  
  #ifndef lint
! static char sccsid[] = "@(#)version.c	8.6.10.1 (Berkeley) 2/7/95";
  #endif /* not lint */
  
! char	Version[] = "8.6.10";