Репозитории ALT
| S: | 4.96-alt1 |
| 5.1: | 4.76-alt0.M50P.1 |
| 4.1: | 4.69-alt1.M41.3 |
| 4.0: | 4.67-alt1 |
| 3.0: | 4.51-alt1 |
Группа :: Сети/Почта
Пакет: exim
навигация по пакетам
Главная Изменения Спек Патчи Sources Загрузить Gear Bugs and FR Repocop
Патч: CVE-2012-5671.patch
Скачать
Скачать
From 4263f395efd136dece52d765dfcff3c96f17506e Mon Sep 17 00:00:00 2001
From: Phil Pennock <pdp@exim.org>
Date: Wed, 24 Oct 2012 23:26:29 -0400
Subject: [PATCH 1/3] SECURITY: DKIM DNS buffer overflow protection
CVE-2012-5671
malloc/heap overflow, with a 60kB window of overwrite.
Requires DNS under control of person sending email, leaves plenty of
evidence, but is very likely exploitable on OSes that have not been
well hardened.
---
doc/doc-txt/ChangeLog | 8 ++++++++
src/src/dkim.c | 3 +++
src/src/pdkim/pdkim.h | 4 ++--
3 files changed, 13 insertions(+), 2 deletions(-)
Index: exim4-4.76/src/dkim.c
===================================================================
--- exim4-4.76.orig/src/dkim.c 2011-05-09 04:36:25.000000000 -0400
+++ exim4-4.76/src/dkim.c 2012-10-25 08:26:24.009726695 -0400
@@ -44,6 +44,9 @@
"%.*s", (int)len, (char *)((rr->data)+rr_offset));
rr_offset+=len;
answer_offset+=len;
+ if (answer_offset >= PDKIM_DNS_TXT_MAX_RECLEN) {+ return PDKIM_FAIL;
+ }
}
}
else return PDKIM_FAIL;
Index: exim4-4.76/src/pdkim/pdkim.h
===================================================================
--- exim4-4.76.orig/src/pdkim/pdkim.h 2011-05-09 04:36:25.000000000 -0400
+++ exim4-4.76/src/pdkim/pdkim.h 2012-10-25 08:26:24.009726695 -0400
@@ -29,8 +29,8 @@
/* -------------------------------------------------------------------------- */
/* Length of the preallocated buffer for the "answer" from the dns/txt
- callback function. */
-#define PDKIM_DNS_TXT_MAX_RECLEN 4096
+ callback function. This should match the maximum RDLENGTH from DNS. */
+#define PDKIM_DNS_TXT_MAX_RECLEN (1 << 16)
/* -------------------------------------------------------------------------- */
/* Function success / error codes */