pkgsrc-Users archive
mail/postsrsd: patch for CVE-2020-35573
Hi,
please find attached the patch for CVE-2020-35573.
Regards
Matthias Ferdinand
--
one4vision GmbH Fon +49 681 96727 - 60
Residenz am Schlossgarten Fax +49 681 96727 - 69
Talstraße 34-42 info%one4vision.de@localhost
D-66119 Saarbrücken http://www.one4vision.de
HRB 11751 verantwortl. Geschäftsführer:
Amtsgericht Saarbrücken Christof Allmann, Christoph Harth
$NetBSD$
Fix for https://nvd.nist.gov/vuln/detail/CVE-2020-35573:
srs2.c in PostSRSd before 1.10 allows remote attackers to cause a denial of
service (CPU consumption) via a long timestamp tag in an SRS address.
https://github.com/roehling/postsrsd/commit/4733fb11f6bec6524bb8518c5e1a699288c26bac
https://lists.debian.org/debian-lts-announce/2020/12/msg00031.html
--- srs2.c.orig 2016-02-13 23:40:42.000000000 +0000
+++ srs2.c
@@ -230,6 +230,7 @@ srs_timestamp_check(srs_t *srs, const ch
time_t now;
time_t then;
+ if (strlen(stamp) != 2) return SRS_ETIMESTAMPOUTOFDATE;
/* We had better go around this loop exactly twice! */
then = 0;
for (sp = stamp; *sp; sp++) {
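Review bot: the added check after `time_t then;` returns SRS_ETIMESTAMPOUTOFDATE for any stamp whose length is not exactly 2, so a malformed tag (too long or too short) is reported to the caller as an expired one. If callers or logs need to tell the two cases apart, a separate error code for the malformed case would help. Otherwise a one-line comment above the check should say that the code is reused on purpose. The new line also carries no comment of its own, while the existing one below it ("We had better go around this loop exactly twice!") now describes something the length check guarantees rather than hopes for. Consider moving the check under that comment or rewording the comment so the bound on the `for (sp = stamp; *sp; sp++)` loop is stated where it is enforced. Style point: the `return` sits on the same line as the `if`. Splitting it onto its own line makes the early exit easier to spot.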