benjholla · August 29, 2015 14:17
diff --git a/SendmailCrackaddr.java b/SendmailCrackaddr.java
 package sendmail_crackaddr;

 /**
 * A Java implementation of the toy example of the Sendmail Crackaddr flaw created by Thomas Dullien
 * Source: https://bytebucket.org/mihaila/bindead/wiki/resources/crackaddr-talk.pdf
 * 
 * Outputs: 
 * Exception in thread "main" java.lang.ArrayIndexOutOfBoundsException: 200
 *  at sendmail_crackaddr.SendmailCrackaddr.copyIt(SendmailCrackaddr.java:57)
 *  at sendmail_crackaddr.SendmailCrackaddr.main(SendmailCrackaddr.java:20)
 * 
 * @author Ben Holland
 */
 public class SendmailCrackaddr {

 	public static final int BUFFERSIZE = 200;
 	
 	public static void main(String[] args) {
 		String input = "Name Lastname < [email protected] > ()()()()()()()()()()()()()()()()()()()()()()()()()()()()()()()()()()()()()()()()()()()()()()()()()()()()()()()()()()()()()()()()()()()()()()()()()()()()()()()()()()()()()";
 		copyIt(input, input.length());
 	}
 	
 	public static int copyIt(String input, int length){
 		char c;
 		char[] localbuf = new char[BUFFERSIZE];
 		int upperlimit = BUFFERSIZE - 10;
 		boolean quotation = false;
 		boolean roundquote = false;
 		int inputIndex = 0;
 		int outputIndex = 0;
 		
 		while(inputIndex < length){
 			c = input.charAt(inputIndex++);
 			
 			if((c == '<') && (!quotation)){
 				quotation = true;
 				upperlimit--;
 			}
 			
 			if((c == '>') && (quotation)){
 				quotation = false;
 				upperlimit++;
 			}
 			
 			if((c == '(') && (!quotation) && (!roundquote)){
 				roundquote = true;
 //				upperlimit--; // decrementation was missing in bug
 			}
 			
 			if((c == ')') && (!quotation) && (roundquote)){
 				roundquote = false;
 				upperlimit++;
 			}
 			
 			// if there is sufficient space in the buffer, write the character
 			if(outputIndex < upperlimit){
 				localbuf[outputIndex] = c;
 				outputIndex++;
 			}
 		}
 		
 		if(roundquote){
 			localbuf[outputIndex] = ')';
 			outputIndex++;
 		}
 		
 		if(quotation){
 			localbuf[outputIndex] = '>';
 			outputIndex++;
 		}
 		
 		return outputIndex;
 	}

 }
	package sendmail_crackaddr;

	/**
	* A Java implementation of the toy example of the Sendmail Crackaddr flaw created by Thomas Dullien
	* Source: https://bytebucket.org/mihaila/bindead/wiki/resources/crackaddr-talk.pdf
	*
	* Outputs:
	* Exception in thread "main" java.lang.ArrayIndexOutOfBoundsException: 200
	* at sendmail_crackaddr.SendmailCrackaddr.copyIt(SendmailCrackaddr.java:57)
	* at sendmail_crackaddr.SendmailCrackaddr.main(SendmailCrackaddr.java:20)
	*
	* @author Ben Holland
	*/
	public class SendmailCrackaddr {

	public static final int BUFFERSIZE = 200;

	public static void main(String[] args) {
	String input = "Name Lastname < [email protected] > ()()()()()()()()()()()()()()()()()()()()()()()()()()()()()()()()()()()()()()()()()()()()()()()()()()()()()()()()()()()()()()()()()()()()()()()()()()()()()()()()()()()()()";
	copyIt(input, input.length());
	}

	public static int copyIt(String input, int length){
	char c;
	char[] localbuf = new char[BUFFERSIZE];
	int upperlimit = BUFFERSIZE - 10;
	boolean quotation = false;
	boolean roundquote = false;
	int inputIndex = 0;
	int outputIndex = 0;

	while(inputIndex < length){
	c = input.charAt(inputIndex++);

	if((c == '<') && (!quotation)){
	quotation = true;
	upperlimit--;
	}

	if((c == '>') && (quotation)){
	quotation = false;
	upperlimit++;
	}

	if((c == '(') && (!quotation) && (!roundquote)){
	roundquote = true;
	// upperlimit--; // decrementation was missing in bug
	}

	if((c == ')') && (!quotation) && (roundquote)){
	roundquote = false;
	upperlimit++;
	}

	// if there is sufficient space in the buffer, write the character
	if(outputIndex < upperlimit){
	localbuf[outputIndex] = c;
	outputIndex++;
	}
	}

	if(roundquote){
	localbuf[outputIndex] = ')';
	outputIndex++;
	}

	if(quotation){
	localbuf[outputIndex] = '>';
	outputIndex++;
	}

	return outputIndex;
	}

	}