benjholla/SendmailCrackaddr.java

## SendmailCrackaddr.java
package sendmail_crackaddr;

/**
 * A Java implementation of the toy example of the Sendmail Crackaddr flaw created by Thomas Dullien
 * Source: https://bytebucket.org/mihaila/bindead/wiki/resources/crackaddr-talk.pdf
 *
 * Outputs:
 * Exception in thread "main" java.lang.ArrayIndexOutOfBoundsException: 200
 *  at sendmail_crackaddr.SendmailCrackaddr.copyIt(SendmailCrackaddr.java:57)
 *  at sendmail_crackaddr.SendmailCrackaddr.main(SendmailCrackaddr.java:20)
 *
 * @author Ben Holland
 */
public class SendmailCrackaddr {

	public static final int BUFFERSIZE = 200;

	public static void main(String[] args) {
		String input = "Name Lastname < name@mail.org > ()()()()()()()()()()()()()()()()()()()()()()()()()()()()()()()()()()()()()()()()()()()()()()()()()()()()()()()()()()()()()()()()()()()()()()()()()()()()()()()()()()()()()";
		copyIt(input, input.length());
	}

	public static int copyIt(String input, int length){
		char c;
		char[] localbuf = new char[BUFFERSIZE];
		int upperlimit = BUFFERSIZE - 10;
		boolean quotation = false;
		boolean roundquote = false;
		int inputIndex = 0;
		int outputIndex = 0;

		while(inputIndex < length){
			c = input.charAt(inputIndex++);

			if((c == '<') && (!quotation)){
				quotation = true;
				upperlimit--;
			}

			if((c == '>') && (quotation)){
				quotation = false;
				upperlimit++;
			}

			if((c == '(') && (!quotation) && (!roundquote)){
				roundquote = true;
//				upperlimit--; // decrementation was missing in bug
			}

			if((c == ')') && (!quotation) && (roundquote)){
				roundquote = false;
				upperlimit++;
			}

			// if there is sufficient space in the buffer, write the character
			if(outputIndex < upperlimit){
				localbuf[outputIndex] = c;
				outputIndex++;
			}
		}

		if(roundquote){
			localbuf[outputIndex] = ')';
			outputIndex++;
		}

		if(quotation){
			localbuf[outputIndex] = '>';
			outputIndex++;
		}

		return outputIndex;
	}

}
	package sendmail_crackaddr;

	/**
	* A Java implementation of the toy example of the Sendmail Crackaddr flaw created by Thomas Dullien
	* Source: https://bytebucket.org/mihaila/bindead/wiki/resources/crackaddr-talk.pdf
	*
	* Outputs:
	* Exception in thread "main" java.lang.ArrayIndexOutOfBoundsException: 200
	* at sendmail_crackaddr.SendmailCrackaddr.copyIt(SendmailCrackaddr.java:57)
	* at sendmail_crackaddr.SendmailCrackaddr.main(SendmailCrackaddr.java:20)
	*
	* @author Ben Holland
	*/
	public class SendmailCrackaddr {

	public static final int BUFFERSIZE = 200;

	public static void main(String[] args) {
	String input = "Name Lastname < name@mail.org > ()()()()()()()()()()()()()()()()()()()()()()()()()()()()()()()()()()()()()()()()()()()()()()()()()()()()()()()()()()()()()()()()()()()()()()()()()()()()()()()()()()()()()";
	copyIt(input, input.length());
	}

	public static int copyIt(String input, int length){
	char c;
	char[] localbuf = new char[BUFFERSIZE];
	int upperlimit = BUFFERSIZE - 10;
	boolean quotation = false;
	boolean roundquote = false;
	int inputIndex = 0;
	int outputIndex = 0;

	while(inputIndex < length){
	c = input.charAt(inputIndex++);

	if((c == '<') && (!quotation)){
	quotation = true;
	upperlimit--;
	}

	if((c == '>') && (quotation)){
	quotation = false;
	upperlimit++;
	}

	if((c == '(') && (!quotation) && (!roundquote)){
	roundquote = true;
	// upperlimit--; // decrementation was missing in bug
	}

	if((c == ')') && (!quotation) && (roundquote)){
	roundquote = false;
	upperlimit++;
	}

	// if there is sufficient space in the buffer, write the character
	if(outputIndex < upperlimit){
	localbuf[outputIndex] = c;
	outputIndex++;
	}
	}

	if(roundquote){
	localbuf[outputIndex] = ')';
	outputIndex++;
	}

	if(quotation){
	localbuf[outputIndex] = '>';
	outputIndex++;
	}

	return outputIndex;
	}

	}