pool/exim
SHA256
4
0
Fork 1
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

- exim-CVE-2017-16943.patch: fixed possible code execution (CVE-2017-16943 bsc#1069857)

Browse Source 
OBS-URL: https://build.opensuse.org/package/show/server:mail/exim?expand=0&rev=194
This commit is contained in:
Dirk Mueller 2017-11-27 10:01:58 +00:00 committed by Git OBS Bridge
parent 51dac3bc71
commit fd72976a49
3 changed files with 49 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

40
exim-CVE-2017-16943.patch Normal file
View File

@ -0,0 +1,40 @@
From 4e6ae6235c68de243b1c2419027472d7659aa2b4 Mon Sep 17 00:00:00 2001
From: Jeremy Harris <jgh146exb@wizmail.org>
Date: Fri, 24 Nov 2017 20:22:33 +0000
Subject: [PATCH] Avoid release of store if there have been later allocations.
Bug 2199
---
src/src/receive.c | 7 ++++---
1 file changed, 4 insertions(+), 3 deletions(-)
diff --git a/src/src/receive.c b/src/src/receive.c
index e7e518a..d9b5001 100644
--- a/src/receive.c
+++ b/src/receive.c
@@ -1810,8 +1810,8 @@ for (;;)
(and sometimes lunatic messages can have ones that are 100s of K long) we
call store_release() for strings that have been copied - if the string is at
the start of a block (and therefore the only thing in it, because we aren't
- doing any other gets), the block gets freed. We can only do this because we
- know there are no other calls to store_get() going on. */
+ doing any other gets), the block gets freed. We can only do this release if
+ there were no allocations since the once that we want to free. */
if (ptr >= header_size - 4)
{
@@ -1820,9 +1820,10 @@ for (;;)
header_size *= 2;
if (!store_extend(next->text, oldsize, header_size))
{
+ BOOL release_ok = store_last_get[store_pool] == next->text;
uschar *newtext = store_get(header_size);
memcpy(newtext, next->text, ptr);
- store_release(next->text);
+ if (release_ok) store_release(next->text);
next->text = newtext;
}
}
--
1.9.1

5
exim.changes
View File

@ -7,6 +7,11 @@ Mon Nov 27 08:52:33 UTC 2017 - kstreitova@suse.com
* upstream commits: a12400fd4493b676e71613ab429e731f777ebd1e and * upstream commits: a12400fd4493b676e71613ab429e731f777ebd1e and
31beb7972466a33a88770eacbce13490f2ddadc2 31beb7972466a33a88770eacbce13490f2ddadc2
-------------------------------------------------------------------
Mon Nov 27 06:45:14 UTC 2017 - meissner@suse.com
- exim-CVE-2017-16943.patch: fixed possible code execution (CVE-2017-16943 bsc#1069857)
------------------------------------------------------------------- -------------------------------------------------------------------
Thu Nov 23 13:43:04 UTC 2017 - rbrown@suse.com Thu Nov 23 13:43:04 UTC 2017 - rbrown@suse.com

4
exim.spec
View File

@ -111,7 +111,8 @@ Patch0: exim-tail.patch
Patch1: exim-4.86.2+fixes-867e8fe25dbfb1e31493488ad695bde55b890397.patch Patch1: exim-4.86.2+fixes-867e8fe25dbfb1e31493488ad695bde55b890397.patch
Patch2: fix-CVE-2016-9963-31c02defdc5118834e801d4fe8f11c1d9b5ebadf.patch Patch2: fix-CVE-2016-9963-31c02defdc5118834e801d4fe8f11c1d9b5ebadf.patch
Patch3: exim-CVE-2017-1000369.patch Patch3: exim-CVE-2017-1000369.patch
Patch4: exim-4.86.2-mariadb_102_compile_fix.patch Patch4: exim-CVE-2017-16943.patch
Patch5: exim-4.86.2-mariadb_102_compile_fix.patch
%package -n eximon %package -n eximon
Summary: Eximon, an graphical frontend to administer Exim's mail queue Summary: Eximon, an graphical frontend to administer Exim's mail queue
@ -158,6 +159,7 @@ once, if at all. The rest is done by logrotate / cron.)
%patch2 -p 1 %patch2 -p 1
%patch3 -p 1 %patch3 -p 1
%patch4 -p 1 %patch4 -p 1
%patch5 -p 1
# build with fPIE/pie on SUSE 10.0 or newer, or on any other platform # build with fPIE/pie on SUSE 10.0 or newer, or on any other platform
%if %{?suse_version:%suse_version}%{?!suse_version:99999} > 930 %if %{?suse_version:%suse_version}%{?!suse_version:99999} > 930
fPIE="-fPIE" fPIE="-fPIE"