CVSROOT: /cvs Module name: src Changes by: [email protected] 2015/10/01 18:44:30
Modified files:
usr.sbin/smtpd : mta_session.c smtp_session.c
Log message:
detect that a certificate chain will not fit in imsg calls before passing
part of it and failing others, this may leave the lookup process in a weird
state and cause use-after-free and out-of-bounds memory reads, leading to
crashes or potential arbitrary code execution in unprivileged process.
reported by Qualys Security
