Source-Changes-HG archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
[src/netbsd-2-0]: src/gnu/dist/sendmail/sendmail Apply patch (requested by ad...
details: https://anonhg.NetBSD.org/src/rev/8bfd0307e125
branches: netbsd-2-0
changeset: 564980:8bfd0307e125
user: tron <tron%NetBSD.org@localhost>
date: Wed Jun 14 20:08:52 2006 +0000
description:
Apply patch (requested by adrianp in ticket #10645):
Fix potential denial of service problem caused by excessive recursion
which leads to stack exhaustion when attempting delivery of a malformed
MIME message.
diffstat:
gnu/dist/sendmail/sendmail/deliver.c | 8 +++---
gnu/dist/sendmail/sendmail/mime.c | 40 +++++++++++++++++++++++++++-------
gnu/dist/sendmail/sendmail/sendmail.h | 5 ++-
gnu/dist/sendmail/sendmail/version.c | 6 ++--
4 files changed, 41 insertions(+), 18 deletions(-)
diffs (188 lines):
diff -r 775d0bab9d1d -r 8bfd0307e125 gnu/dist/sendmail/sendmail/deliver.c
--- a/gnu/dist/sendmail/sendmail/deliver.c Thu Jun 08 22:28:36 2006 +0000
+++ b/gnu/dist/sendmail/sendmail/deliver.c Wed Jun 14 20:08:52 2006 +0000
@@ -1,7 +1,7 @@
-/* $NetBSD: deliver.c,v 1.12.2.1 2006/03/24 19:13:43 riz Exp $ */
+/* $NetBSD: deliver.c,v 1.12.2.2 2006/06/14 20:08:52 tron Exp $ */
#include <sys/cdefs.h>
#ifndef lint
-__RCSID("$NetBSD: deliver.c,v 1.12.2.1 2006/03/24 19:13:43 riz Exp $");
+__RCSID("$NetBSD: deliver.c,v 1.12.2.2 2006/06/14 20:08:52 tron Exp $");
#endif
/*
@@ -4572,7 +4572,7 @@
/* now do the hard work */
boundaries[0] = NULL;
mci->mci_flags |= MCIF_INHEADER;
- if (mime8to7(mci, e->e_header, e, boundaries, M87F_OUTER) ==
+ if (mime8to7(mci, e->e_header, e, boundaries, M87F_OUTER, 0) ==
SM_IO_EOF)
goto writeerr;
}
@@ -4603,7 +4603,7 @@
SuprErrs = true;
if (mime8to7(mci, e->e_header, e, boundaries,
- M87F_OUTER|M87F_NO8TO7) == SM_IO_EOF)
+ M87F_OUTER|M87F_NO8TO7, 0) == SM_IO_EOF)
goto writeerr;
/* restore SuprErrs */
diff -r 775d0bab9d1d -r 8bfd0307e125 gnu/dist/sendmail/sendmail/mime.c
--- a/gnu/dist/sendmail/sendmail/mime.c Thu Jun 08 22:28:36 2006 +0000
+++ b/gnu/dist/sendmail/sendmail/mime.c Wed Jun 14 20:08:52 2006 +0000
@@ -1,7 +1,7 @@
-/* $NetBSD: mime.c,v 1.6.2.1 2006/03/24 19:13:43 riz Exp $ */
+/* $NetBSD: mime.c,v 1.6.2.2 2006/06/14 20:08:52 tron Exp $ */
#include <sys/cdefs.h>
#ifndef lint
-__RCSID("$NetBSD: mime.c,v 1.6.2.1 2006/03/24 19:13:43 riz Exp $");
+__RCSID("$NetBSD: mime.c,v 1.6.2.2 2006/06/14 20:08:52 tron Exp $");
#endif
/*
@@ -86,6 +86,7 @@
** boundaries -- the currently pending message boundaries.
** NULL if we are processing the outer portion.
** flags -- to tweak processing.
+** level -- recursion level.
**
** Returns:
** An indicator of what terminated the message part:
@@ -102,12 +103,13 @@
};
int
-mime8to7(mci, header, e, boundaries, flags)
+mime8to7(mci, header, e, boundaries, flags, level)
register MCI *mci;
HDR *header;
register ENVELOPE *e;
char **boundaries;
int flags;
+ int level;
{
register char *p;
int linelen;
@@ -128,6 +130,18 @@
char pvpbuf[MAXLINE];
extern unsigned char MimeTokenTab[256];
+ if (level > MAXMIMENESTING)
+ {
+ if (!bitset(EF_TOODEEP, e->e_flags))
+ {
+ if (tTd(43, 4))
+ sm_dprintf("mime8to7: too deep, level=%d\n",
+ level);
+ usrerr("mime8to7: recursion level %d exceeded",
+ level);
+ e->e_flags |= EF_DONT_MIME|EF_TOODEEP;
+ }
+ }
if (tTd(43, 1))
{
sm_dprintf("mime8to7: flags = %x, boundaries =", flags);
@@ -248,7 +262,9 @@
*/
if (sm_strcasecmp(type, "multipart") == 0 &&
- (!bitset(M87F_NO8BIT, flags) || bitset(M87F_NO8TO7, flags)))
+ (!bitset(M87F_NO8BIT, flags) || bitset(M87F_NO8TO7, flags)) &&
+ !bitset(EF_TOODEEP, e->e_flags)
+ )
{
if (sm_strcasecmp(subtype, "digest") == 0)
@@ -292,10 +308,13 @@
}
if (i >= MAXMIMENESTING)
{
- usrerr("mime8to7: multipart nesting boundary too deep");
+ if (tTd(43, 4))
+ sm_dprintf("mime8to7: too deep, i=%d\n", i);
+ if (!bitset(EF_TOODEEP, e->e_flags))
+ usrerr("mime8to7: multipart nesting boundary too deep");
/* avoid bounce loops */
- e->e_flags |= EF_DONT_MIME;
+ e->e_flags |= EF_DONT_MIME|EF_TOODEEP;
}
else
{
@@ -339,7 +358,8 @@
goto writeerr;
if (tTd(43, 101))
putline("+++after putheader", mci);
- bt = mime8to7(mci, hdr, e, boundaries, flags);
+ bt = mime8to7(mci, hdr, e, boundaries, flags,
+ level + 1);
if (bt == SM_IO_EOF)
goto writeerr;
}
@@ -380,7 +400,8 @@
if (sm_strcasecmp(type, "message") == 0)
{
- if (!wordinclass(subtype, 's'))
+ if (!wordinclass(subtype, 's') ||
+ bitset(EF_TOODEEP, e->e_flags))
{
flags |= M87F_NO8BIT;
}
@@ -403,7 +424,8 @@
!bitset(M87F_NO8TO7, flags) &&
!putline("MIME-Version: 1.0", mci))
goto writeerr;
- bt = mime8to7(mci, hdr, e, boundaries, flags);
+ bt = mime8to7(mci, hdr, e, boundaries, flags,
+ level + 1);
mci->mci_flags &= ~MCIF_INMIME;
return bt;
}
diff -r 775d0bab9d1d -r 8bfd0307e125 gnu/dist/sendmail/sendmail/sendmail.h
--- a/gnu/dist/sendmail/sendmail/sendmail.h Thu Jun 08 22:28:36 2006 +0000
+++ b/gnu/dist/sendmail/sendmail/sendmail.h Wed Jun 14 20:08:52 2006 +0000
@@ -1,4 +1,4 @@
-/* $NetBSD: sendmail.h,v 1.14.2.1 2006/03/24 19:13:43 riz Exp $ */
+/* $NetBSD: sendmail.h,v 1.14.2.2 2006/06/14 20:08:52 tron Exp $ */
/*
* Copyright (c) 1998-2003 Sendmail, Inc. and its suppliers.
* All rights reserved.
@@ -943,6 +943,7 @@
#define EF_TOOBIG 0x02000000L /* message is too big */
#define EF_SPLIT 0x04000000L /* envelope has been split */
#define EF_UNSAFE 0x08000000L /* unsafe: read from untrusted source */
+#define EF_TOODEEP 0x10000000L /* message is nested too deep */
#define DLVR_NOTIFY 0x01
#define DLVR_RETURN 0x02
@@ -1593,7 +1594,7 @@
/* functions */
extern bool mime7to8 __P((MCI *, HDR *, ENVELOPE *));
-extern int mime8to7 __P((MCI *, HDR *, ENVELOPE *, char **, int));
+extern int mime8to7 __P((MCI *, HDR *, ENVELOPE *, char **, int, int));
/*
** Flags passed to returntosender.
diff -r 775d0bab9d1d -r 8bfd0307e125 gnu/dist/sendmail/sendmail/version.c
--- a/gnu/dist/sendmail/sendmail/version.c Thu Jun 08 22:28:36 2006 +0000
+++ b/gnu/dist/sendmail/sendmail/version.c Wed Jun 14 20:08:52 2006 +0000
@@ -1,7 +1,7 @@
-/* $NetBSD: version.c,v 1.15.2.1 2006/03/24 19:13:43 riz Exp $ */
+/* $NetBSD: version.c,v 1.15.2.2 2006/06/14 20:08:52 tron Exp $ */
#include <sys/cdefs.h>
#ifndef lint
-__RCSID("$NetBSD: version.c,v 1.15.2.1 2006/03/24 19:13:43 riz Exp $");
+__RCSID("$NetBSD: version.c,v 1.15.2.2 2006/06/14 20:08:52 tron Exp $");
#endif
/*
@@ -21,4 +21,4 @@
SM_RCSID("@(#)Id: version.c,v 8.104.2.26 2004/01/13 00:29:26 ca Exp")
-char Version[] = "8.12.11.20060308";
+char Version[] = "8.12.11.20060614";
Home |
Main Index |
Thread Index |
Old Index