[Mailman-Users] Long Email Addressess
Christopher G. Petrilli
petrilli at amber.org
Thu Mar 4 01:17:47 CET 1999
On Wed, Mar 03, 1999 at 04:48:10PM -0700, John-David Childs wrote:
> FYI: I know next to nothing about Python, some I'm not able to
> specifically scan the code (yet) looking for the big obvious security
> holes...but I did run across something interesting.
Python should have NO buffer-overrun problems as all strings are ALWAYS
dynamically allocated, as are all other structurs. There's just simply
no "fixed" sizes used.
> I tried a very simple/stupid buffer overflow test. What would happen if I
> tried to subscribe a long email address? My test case was only about 300
> characters...I'll probably try some really long usernames later but in any
> case I found that sendmail would choke on the email address I entered
> (prescan: token too long) yet mailman would think that the addy was
> sucessfully subscribed.
Um, from memory, I don't think that RFC822 actually limits email address
sizes :-) Certainly there is NO limit on DNS theoretically, both to the
number of subdomains, nor the size of each level. So, this would be a
sendmail bug, in my eye.
| Christopher Petrilli ``Television is bubble-gum for
| petrilli at amber.org the mind.''-Frank Lloyd Wright
More information about the Mailman-Users