This Space for Rent

New Code!

Postoffice, after a period of testing to make certain that the revamped milter interface library was stable, has been pushed up to version 1.5.4 not so much because of the stability of the new library but because I found a security defect in the SMTP AUTH code where if a malicious client passed in a null user name that null would be passed down to the system library function getpwnam(), where a null username results in undefined behavior. And in the case of my mail server, “undefined behavior” == segmentation violations deep within the bowels of the bits of libc that getpwnam() calls.


Well, that defect is fixed, and now that I’ve been running the milter library for a while without it exploding on me (or the other site(s) that are running it) this means it’s time to shovel out some New Code! for all to marvel at.

If you don’t like core dumps, it might be a good idea to install this release.