Package: exim-tls
Version: 3.35-3woody1
Severity: normal
Justification: security hole
Tags: security patch

The patch below is taken from the Exim3 package and applies cleanly to Exim-tls.


-- System Information
Debian Release: 3.0
Architecture: i386
Kernel: Linux soapstone 2.6.8.1.murb3 #1 Wed Nov 24 16:24:57 CET 2004 i686
Locale: LANG=C, LC_CTYPE=C

Versions of packages exim-tls depends on:
ii  cron                    3.0pl1-72        management of regular background p
ii  debianutils             1.16.2woody1     Miscellaneous utilities specific t
ii  libc6                   2.2.5-11.5       GNU C Library: Shared libraries an
ii  libdb3                  3.2.9-16         Berkeley v3 Database Libraries [ru
ii  libdb3-util             3.2.9-16         Berkeley v3 Database Utilities
ii  libident                0.22-2           simple RFC1413 client library - ru
ii  libldap2                2.0.23-6.3       OpenLDAP libraries.
ii  libpam0g                0.72-35          Pluggable Authentication Modules l
ii  libpcre3                3.4-1.1          Philip Hazel's Perl Compatible Reg
ii  libssl0.9.6             0.9.6c-2.woody.7 SSL shared libraries
ii  netbase                 4.07             Basic TCP/IP networking system
ii  openssl                 0.9.6c-2.woody.7 Secure Socket Layer (SSL) binary a



diff -urN --exclude=debian --exclude=README.orig --exclude=EDITME 
exim-tls/exim-tls-3.35/src/accept.c exim/exim-3.35/src/accept.c
--- exim-tls/exim-tls-3.35/src/accept.c Tue Feb 19 10:10:41 2002
+++ exim/exim-3.35/src/accept.c Wed Jan 12 12:44:51 2005
@@ -1895,7 +1895,8 @@
           char *verb = "is";
           int len;
 
-          while (*t != ':') *tt++ = *t++;
+          while (*t != ':' && (tt < (hname + sizeof(hname)-2)))
+           *tt++ = *t++;
           *tt = 0;
 
           /* Arrange not to include any white space at the end in the
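Review bot: When the new bound in the added `while` stops the copy early, `t` is left inside the header name instead of on the ':' and `hname` holds a silently truncated name. The code after `*tt = 0;` is outside this hunk, so whether it still assumes `*t == ':'` needs checking. The limit `hname + sizeof(hname)-2` is only right if `hname` is an array declared in this scope (its declaration is not visible here); with a pointer, `sizeof` would give the pointer size. I would add a comment such as `/* Bound the copy to hname[]; an over-long header name is truncated */` above the loop. If later code depends on `t`, advance it afterwards with `while (*t != ':') t++;`, relying on the same assumption as the original loop that a colon is present.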
diff -urN --exclude=debian --exclude=README.orig --exclude=EDITME 
exim-tls/exim-tls-3.35/src/host.c exim/exim-3.35/src/host.c
--- exim-tls/exim-tls-3.35/src/host.c   Tue Feb 19 10:10:43 2002
+++ exim/exim-3.35/src/host.c   Wed Jan 12 12:44:51 2005
@@ -626,6 +626,9 @@
     {
     int len = strcspn(p, ":");
     if (len == 0) nulloffset = ci;
+    if (ci > 7) log_write(0, LOG_MAIN|LOG_PANIC_DIE,
+      "Internal error: invalid IPv6 address \"%s\" passed to host_aton()",
+      address);
     component[ci++] = p;
     p += len;
     if (*p == ':') p++;
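Review bot: The added guard `if (ci > 7)` hard-codes the capacity of `component`, whose declaration is outside the hunk. It also has no `return` or `else`, so the store `component[ci++] = p;` is protected only as long as `log_write()` with `LOG_PANIC_DIE` never returns. Deriving the limit from the array, e.g. `if (ci >= (int)(sizeof(component)/sizeof(component[0])))`, keeps the check correct if the array size changes (assuming `component` is an array here). Since the message calls this an internal error, a comment like `/* callers must pass a syntactically valid address; more than 8 components would overrun component[] */` would make the contract explicit. If unvalidated addresses can reach this function, terminating the process is a heavy response and worth revisiting.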
diff -urN --exclude=debian --exclude=README.orig --exclude=EDITME 
exim-tls/exim-tls-3.35/src/lookups/dnsdb.c exim/exim-3.35/src/lookups/dnsdb.c
--- exim-tls/exim-tls-3.35/src/lookups/dnsdb.c  Tue Feb 19 10:10:44 2002
+++ exim/exim-3.35/src/lookups/dnsdb.c  Wed Jan 12 12:44:51 2005
@@ -116,7 +116,7 @@
 /* If the type is PTR, we have to construct the relevant magic lookup
 key. */
 
-if (type == T_PTR)
+if (type == T_PTR && string_is_ip_address(keystring, NULL))
   {
   char *p = keystring + (int)strlen(keystring);
   char *pp = buffer;
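Review bot: The comment above the changed condition still says the magic key is built whenever the type is PTR, but with the added `string_is_ip_address(keystring, NULL)` test a key that is not an address now skips the block. I would update it to something like `/* If the type is PTR and the key is an IP address, construct the reversed lookup key; any other key is left as given. */`. What happens to such a key afterwards is outside the hunk; presumably it is looked up unchanged, which should be confirmed. The size of `buffer`, which `pp` writes into, is also not visible here, so it is worth verifying that the reversed key built from the longest accepted address fits.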
diff -urN --exclude=debian --exclude=README.orig --exclude=EDITME 
exim-tls/exim-tls-3.35/src/verify.c exim/exim-3.35/src/verify.c
--- exim-tls/exim-tls-3.35/src/verify.c Tue Feb 19 10:10:46 2002
+++ exim/exim-3.35/src/verify.c Wed Jan 12 12:44:51 2005
@@ -892,7 +892,7 @@
 /* Set up the key for the reject hints database, and attempt to open it.
 If successful, read the record. */
 
-sprintf(buffer, "%s:%.200s", sender_address,
+snprintf(buffer, sizeof(buffer), "%s:%.200s", sender_address,
   (sender_host_name != NULL)? sender_host_name :
   (sender_host_address != NULL)? sender_host_address : "");
 
@@ -1182,7 +1182,7 @@
 O_WRONLY) is needed by Berkeley native DB even when reading only. If the
 database won't open, we can do no more. */
 
-sprintf(buffer, "%s:%.200s", sender_address,
+snprintf(buffer, sizeof(buffer), "%s:%.200s", sender_address,
   (sender_host_name != NULL)? sender_host_name :
   (sender_host_address != NULL)? sender_host_address : "");
 

