Busybox Sendmail segfaults with multiple inline recipients

Denys Vlasenko vda.linux at googlemail.com
Tue Aug 22 13:54:23 UTC 2017

Fixed in git, thanks

On Sat, Aug 19, 2017 at 1:08 AM, mark <mark-busybox at nysen.com> wrote:
>   Hello,
>   I came across a bug in the sendmail function of busybox when using the
> "-t" option and including multiple recipients in any of the inline mail
> headers (To, Cc, or Bcc).
>   When multiple inline recipients are used within a header, busybox
> segfaults.  This appears to be related to memory cleaning via free().  I've
> tested this with the alpine package of busybox (1.24.2 / 1.27.1) and also
> compiling from the busybox master branch on a debian box.
>   I'm not a programmer, but the error seems to be related to the free()
> function on line 212 of mailutils/sendmail.c in the master branch.
>   To reproduce (using google's mail server):
> $ echo "To: one at nowhere,two at nowhere" | ./busybox sendmail -S
> aspmx.l.google.com -ti
> sendmail: Bad recipient: <one at nowhere>
> sendmail: Bad recipient: <two at nowhere>
> Segmentation fault
>   The "Bad recipient" is normal and expected in this case because the mail
> server is rejecting the addresses, but the segfault shouldn't be happening.
> I've tested this with other mail servers where the mails aren't rejected,
> but the segfault still occurs.
>   Removing line 212 and recompiling resolves the error, but I assume this
> also removes some memory deallocation.  My uneducated and totally wild guess
> is that str is being manipulated on lines 204-206 and then isn't a valid
> target for free().  I've attached a diff which removes that call to free()
> and resolves the problem, but I'm guessing this creates  a memory leak.
>   Busybox is a great piece of software.   I'm amazed at how much it does
> with so little code.  Thankyou for all the time you've put into it.
>   Thanks,
>     Mark
> _______________________________________________
> busybox mailing list
> busybox at busybox.net
> http://lists.busybox.net/mailman/listinfo/busybox

More information about the busybox mailing list