On the develop branch, In opendmarc.c twice the "header" variable experiences format truncation:
Instance 1
opendmarc.c:3625:3: note: ‘snprintf’ output 32 or more bytes (assuming 2080) into a destination of size 1025
snprintf(header, sizeof header,
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
"%s%s%s; dmarc=%s (p=%s dis=%s) header.from=%s",
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
authservid,
~~~~~~~~~~~
conf->conf_authservidwithjobid ? "/" : "",
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
conf->conf_authservidwithjobid ? dfc->mctx_jobid : "",
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
aresult, apolicy, adisposition, dfc->mctx_fromdomain);
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Instance 2
opendmarc.c:3081:3: note: ‘snprintf’ output 31 or more bytes (assuming 2079) into a destination of size 1025
snprintf(header, sizeof header,
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
"%s; dmarc=permerror header.from=%s",
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
authservid, dfc->mctx_fromdomain);
It appears to be used as a temporary variable for putting a new header in before adding it to the output. It is defined about line 2260:
unsigned char header[MAXHEADER + 1];
The MAXHEADER length is defined in opendmarc.h:
That define is used exactly one other spot, opendmarc-ar.c about line 714:
u_char tmp[MAXHEADER + 2];
Note inconsistency with the +1 or +2.
Now, RFC2822 says:
There are two limits that this standard places on the number of
characters in a line. Each line of characters MUST be no more than
998 characters, and SHOULD be no more than 78 characters, excluding
the CRLF.
But also:
Each header field is logically a single line of characters comprising
the field name, the colon, and the field body. For convenience
however, and to deal with the 998/78 character limitations per line,
the field body portion of a header field can be split into a multiple
line representation; this is called "folding".
Ergo, what I think needs to happen here is:
- The buffer needs to be made larger, probably on the order of 2048 characters.
- OpenDMARC needs to implement header folding if the output exceeds 998 characters.
On the develop branch, In opendmarc.c twice the "header" variable experiences format truncation:
Instance 1
Instance 2
It appears to be used as a temporary variable for putting a new header in before adding it to the output. It is defined about line 2260:
The MAXHEADER length is defined in opendmarc.h:
That define is used exactly one other spot, opendmarc-ar.c about line 714:
Note inconsistency with the +1 or +2.
Now, RFC2822 says:
But also:
Ergo, what I think needs to happen here is: