Hey vmailers, After upgrading to vpopmail-5.4.16, vadddomain would segfault. Turns out, we had a domain without tld on our server. Let's say 'test' instead of 'test.com'.
The following piece of code in the function 'extract_domain' in
vpopmail.c:1657 chokes on this:
t = strtok( tmpbuf, "." );
while( t && i < 10 ) {
parts[i++] = t;
t = strtok( NULL, "." );
}
t = parts[--i];
u = parts[--i];
If no "." is found by strtok, the while-loop will be used only once,
and i will be 1. This makes u=parts[-1]: Array underbound which makes
u a invalid pointer, on which the program will crash shortly
thereafter.
I attached a small patch that corrects a issue.
This patch simply throws a warning, and returns with value '1' when a
domain without dot is detected after the 'strtok' call. Since such a
small domain name doesn't require any formatting, the 'domain'
variable already has the desired value, and since the return-code is
never checked, the program will continue without problems.
Greetings,
Tijs
vpopmail_invaliddomain_segfault.patch
Description: Binary data
