Source-Changes-HG archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
[src/netbsd-1-6]: src/gnu/dist/sendmail/sendmail Apply sendmail security patc...
details: https://anonhg.NetBSD.org/src/rev/3d55ab1bca4f
branches: netbsd-1-6
changeset: 530199:3d55ab1bca4f
user: tron <tron%NetBSD.org@localhost>
date: Sat Mar 29 23:18:33 2003 +0000
description:
Apply sendmail security patch (requested by atatat in ticket #1237):
Fix a buffer overflow in address parsing due to a char to int
conversion problem which is potentially remotely exploitable.
Problem found by Michal Zalewski.
Note: an MTA that is not patched might be vulnerable to data
that it receives from untrusted sources, which includes DNS.
diffstat:
gnu/dist/sendmail/sendmail/conf.c | 2 ++
gnu/dist/sendmail/sendmail/parseaddr.c | 15 +++++++++++++--
gnu/dist/sendmail/sendmail/version.c | 2 +-
3 files changed, 16 insertions(+), 3 deletions(-)
diffs (78 lines):
diff -r 3cfd30b0ff42 -r 3d55ab1bca4f gnu/dist/sendmail/sendmail/conf.c
--- a/gnu/dist/sendmail/sendmail/conf.c Tue Mar 25 20:01:35 2003 +0000
+++ b/gnu/dist/sendmail/sendmail/conf.c Sat Mar 29 23:18:33 2003 +0000
@@ -318,6 +318,8 @@
DontLockReadFiles = TRUE;
DoubleBounceAddr = "postmaster";
MaxHeadersLength = MAXHDRSLEN;
+ MaxMimeHeaderLength = MAXLINE;
+ MaxMimeFieldLength = MaxMimeHeaderLength / 2;
MaxForwardEntries = 0;
#if SASL
AuthMechanisms = newstr(AUTH_MECHANISMS);
diff -r 3cfd30b0ff42 -r 3d55ab1bca4f gnu/dist/sendmail/sendmail/parseaddr.c
--- a/gnu/dist/sendmail/sendmail/parseaddr.c Tue Mar 25 20:01:35 2003 +0000
+++ b/gnu/dist/sendmail/sendmail/parseaddr.c Sat Mar 29 23:18:33 2003 +0000
@@ -446,7 +446,7 @@
};
-#define NOCHAR -1 /* signal nothing in lookahead token */
+#define NOCHAR (-1) /* signal nothing in lookahead token */
char **
prescan(addr, delim, pvpbuf, pvpbsize, delimptr, toktab)
@@ -532,6 +532,7 @@
/* see if there is room */
if (q >= &pvpbuf[pvpbsize - 5])
{
+ addrtoolong:
usrerr("553 5.1.1 Address too long");
if (strlen(addr) > (SIZE_T) MAXNAME)
addr[MAXNAME] = '\0';
@@ -543,11 +544,15 @@
}
/* squirrel it away */
+#if !ALLOW_255
+ if ((char) c == (char) -1 && !tTd(82, 101))
+ c &= 0x7f;
+#endif /* !ALLOW_255 */
*q++ = c;
}
/* read a new input character */
- c = *p++;
+ c = (*p++) & 0x00ff;
if (c == '\0')
{
/* diagnose and patch up bad syntax */
@@ -602,6 +607,9 @@
}
else if (c != '!' || state == QST)
{
+ /* see if there is room */
+ if (q >= &pvpbuf[pvpbsize - 5])
+ goto addrtoolong;
*q++ = '\\';
continue;
}
@@ -686,6 +694,9 @@
/* new token */
if (tok != q)
{
+ /* see if there is room */
+ if (q >= &pvpbuf[pvpbsize - 5])
+ goto addrtoolong;
*q++ = '\0';
if (tTd(22, 36))
{
diff -r 3cfd30b0ff42 -r 3d55ab1bca4f gnu/dist/sendmail/sendmail/version.c
--- a/gnu/dist/sendmail/sendmail/version.c Tue Mar 25 20:01:35 2003 +0000
+++ b/gnu/dist/sendmail/sendmail/version.c Sat Mar 29 23:18:33 2003 +0000
@@ -15,4 +15,4 @@
static char id[] = "@(#)Id: version.c,v 8.43.4.39 2001/08/20 14:45:34 gshapiro Exp";
#endif /* ! lint */
-char Version[] = "8.11.6";
+char Version[] = "8.11.6p2";
Home |
Main Index |
Thread Index |
Old Index