pool/exim
SHA256
4
0
Fork 1
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
exim/fix-CVE-2016-9963-31c02defdc5118834e801d4fe8f11c1d9b5ebadf.patch
Marcus Rueckert 557870d382 Accepting request 490905 from home:pwcau:branches:server:mail 
Corrections for inverted bcond

 import exim-4_86_2+fixes branch
    + fix CVE-2016-1531 
      when installed setuid root, allows local users to gain privileges via the perl_startup
      argument. 
    + fix Bug 1805: store the initial working directory, expand $initial_cwd
    + fix Bug 1671: segfault after delivery (https://bugs.exim.org/show_bug.cgi?id=1671)
    + Don't issue env warning if env is empty

- fix CVE-2016-9963: DKIM information leakage

- conditionally disable DANE on SuSE versions with OpenSSL < 1.0
- disable i18n by default, utf8_downconvert seems to cause crashes

OBS-URL: https://build.opensuse.org/request/show/490905
OBS-URL: https://build.opensuse.org/package/show/server:mail/exim?expand=0&rev=183
2017-04-25 09:33:40 +00:00

67 lines
2.8 KiB
Diff
Raw Blame History

From 31c02defdc5118834e801d4fe8f11c1d9b5ebadf Mon Sep 17 00:00:00 2001
From: Jeremy Harris <jgh@wizmail.org>
Date: Fri, 16 Dec 2016 20:36:39 +0000
Subject: [PATCH 1/3] Fix DKIM information leakage
Cherry picked from exim-4_87 .. exim-4_87_1
---
doc/doc-txt/ChangeLog | 7 +++
doc/doc-txt/cve-2016-9663 | 86 +++++++++++++++++++++++++++++++++
src/src/dkim.c | 1 +
src/src/transports/smtp.c | 4 +-
test/confs/4510 | 71 +++++++++++++++++++++++++++
test/log/4510 | 20 ++++++++
test/mail/4510.store | 58 ++++++++++++++++++++++
test/runtest | 8 +++
test/scripts/4510-DKIM-Bounces/4510 | 15 ++++++
test/scripts/4510-DKIM-Bounces/REQUIRES | 2 +
10 files changed, 271 insertions(+), 1 deletion(-)
create mode 100644 doc/doc-txt/cve-2016-9663
create mode 100644 test/confs/4510
create mode 100644 test/log/4510
create mode 100644 test/mail/4510.store
create mode 100644 test/scripts/4510-DKIM-Bounces/4510
create mode 100644 test/scripts/4510-DKIM-Bounces/REQUIRES
diff --git a/src/dkim.c b/src/dkim.c
index 3e71545..8e93566 100644
--- a/src/dkim.c
+++ b/src/dkim.c
@@ -519,6 +519,7 @@ dkim_exim_sign(int dkim_fd, uschar *dkim_private_key,
(char *)dkim_signing_selector,
(char *)dkim_private_key_expanded
);
+ dkim_private_key_expanded[0] = '\0';
pdkim_set_debug_stream(ctx,debug_file);
diff --git a/src/transports/smtp.c b/src/transports/smtp.c
index a952413..cc8f025 100644
--- a/src/transports/smtp.c
+++ b/src/transports/smtp.c
@@ -293,6 +293,7 @@ static uschar *rf_names[] = { US"NEVER", US"SUCCESS", US"FAILURE", US"DELAY" };
static uschar *smtp_command; /* Points to last cmd for error messages */
static uschar *mail_command; /* Points to MAIL cmd for error messages */
static BOOL update_waiting; /* TRUE to update the "wait" database */
+static uschar *data_command = US""; /* Points to DATA cmd for error messages */
/*************************************************
@@ -2244,6 +2245,7 @@ if (ok || (smtp_use_pipelining && !mua_wrapper))
case -1: goto END_OFF; /* Timeout on RCPT */
default: goto RESPONSE_FAILED; /* I/O error, or any MAIL/DATA error */
}
+ data_command = string_copy(big_buffer); /* Save for later error message */
}
/* Save the first address of the next batch. */
@@ -2418,7 +2420,7 @@ if (!ok) ok = TRUE; else
#else
"LMTP error after %s: %s",
#endif
- big_buffer, string_printing(buffer));
+ data_command, string_printing(buffer));
setflag(addr, af_pass_message); /* Allow message to go to user */
if (buffer[0] == '5')
addr->transport_return = FAIL;
Reference in New Issue View Git Blame Copy Permalink