Inews and long headers

Julien ÉLIE julien at trigofacile.com
Fri Jul 7 20:50:21 UTC 2017 

Jeffery and Kamil,

>> Header-name: aaaaaaa
>>   bbbbbbbb
>>   ....
>>
>> No single line is 998 bytes long, but concatenated are.
>> I am not sure if 998 limit concerns single line or whole header. I
>> thought that only single line should be checked, not whole header?
> 
> Indeed, that's an inews bug.  The length check should be for a single 
> line, not for the whole header field.

I suggest the following patch for inews.  Do you happen to have
the possibility to test it and report if it solves your issue?

I've done tests, and it seems to work fine (reject of too long lines,
and accept headers whose length exceeds 998 bytes but are properly
wrapped):
% cat testarticle | mailpost trigofacile.test
inews failed: inews: header line too long inews: article not posted



--- frontends/inews.c	(révision 10159)
+++ frontends/inews.c	(copie de travail)
@@ -198,13 +198,22 @@
 static char *
 NextHeader(char *p)
 {
-    for ( ; ; p++) {
-	if ((p = strchr(p, '\n')) == NULL)
+    char *q;
+    for (q = p; ; p++) {
+        if ((p = strchr(p, '\n')) == NULL) {
             die("article is all headers");
-	if (!ISWHITE(p[1])) {
-	    *p = '\0';
-	    return p + 1;
-	}
+        }
+        /* Check the maximum length of a single line. */
+        if (p - q + 1 > HEADER_STRLEN) {
+            die("header line too long");
+        }
+        /* Check if there is a continuation line for the header. */
+        if (ISWHITE(p[1])) {
+            q = p + 1;
+            continue;
+        }
+        *p = '\0';
+        return p + 1;
     }
 }
 
@@ -1026,13 +1035,6 @@
     /* Do final checks. */
     if (i == 0 && HDR(_control) == NULL)
         die("article is empty");
-    for (hp = Table; hp < ARRAY_END(Table); hp++)
-	if (hp->Value && (int)strlen(hp->Value) + hp->Size > HEADER_STRLEN)
-            die("%s header is too long", hp->Name);
-    for (i = 0; i < OtherCount; i++)
-	if ((int)strlen(OtherHeaders[i]) > HEADER_STRLEN)
-            die("header too long (maximum length is %d): %.40s...",
-                HEADER_STRLEN, OtherHeaders[i]);
 
     if (Dump) {
 	/* Write the headers and a blank line. */



-- 
Julien ÉLIE

« O fortunatos nimium, sua si bona norint, agricolas. » (Virgile)

More information about the inn-workers mailing list