diff options
author | V3n3RiX <venerix@redcorelinux.org> | 2017-12-01 03:04:39 +0000 |
---|---|---|
committer | V3n3RiX <venerix@redcorelinux.org> | 2017-12-01 03:04:39 +0000 |
commit | 407525b571b48cfd65e1ad7a02d250a927c967c9 (patch) | |
tree | 844bea44d85dc7218f54970af1c42cc9d55c3f1a /mail-mta/exim/files/exim-4.89-CVE-2017-16944.patch | |
parent | 89c6c06b8c42107dd231687a1012354e7d3039fc (diff) |
gentoo resync : 01.12.2017
Diffstat (limited to 'mail-mta/exim/files/exim-4.89-CVE-2017-16944.patch')
-rw-r--r-- | mail-mta/exim/files/exim-4.89-CVE-2017-16944.patch | 57 |
1 files changed, 57 insertions, 0 deletions
diff --git a/mail-mta/exim/files/exim-4.89-CVE-2017-16944.patch b/mail-mta/exim/files/exim-4.89-CVE-2017-16944.patch new file mode 100644 index 000000000000..285a6170aa82 --- /dev/null +++ b/mail-mta/exim/files/exim-4.89-CVE-2017-16944.patch @@ -0,0 +1,57 @@ +From 178ecb70987f024f0e775d87c2f8b2cf587dd542 Mon Sep 17 00:00:00 2001 +From: "Heiko Schlittermann (HS12-RIPE)" <hs@schlittermann.de> +Date: Mon, 27 Nov 2017 22:42:33 +0100 +Subject: [PATCH] Chunking: do not treat the first lonely dot special. + CVE-2017-16944, Bug 2201 + +Modified to apply on 4.89-gentoo + +--- + src/src/receive.c | 2 +- + src/src/smtp_in.c | 7 +++++++ + 2 files changed, 8 insertions(+), 1 deletion(-) + +diff --git a/src/src/receive.c b/src/src/receive.c +index 541eba1..417e975 100644 +--- a/src/src/receive.c ++++ b/src/src/receive.c +@@ -1865,7 +1865,7 @@ for (;;) + prevent further reading), and break out of the loop, having freed the + empty header, and set next = NULL to indicate no data line. */ + +- if (ptr == 0 && ch == '.' && (smtp_input || dot_ends)) ++ if (ptr == 0 && ch == '.' && dot_ends) + { + ch = (receive_getc)(GETC_BUFFER_UNLIMITED); + if (ch == '\r') +diff --git a/src/src/smtp_in.c b/src/src/smtp_in.c +index 1fdb705..0aabc53 100644 +--- a/src/src/smtp_in.c ++++ b/src/src/smtp_in.c +@@ -5094,16 +5094,23 @@ while (done <= 0) + DEBUG(D_receive) debug_printf("chunking state %d, %d bytes\n", + (int)chunking_state, chunking_data_left); + ++ /* push the current receive_* function on the "stack", and ++ replace them by bdat_getc(), which in turn will use the lwr_receive_* ++ functions to do the dirty work. */ + lwr_receive_getc = receive_getc; + lwr_receive_ungetc = receive_ungetc; ++ + receive_getc = bdat_getc; + receive_ungetc = bdat_ungetc; + ++ dot_ends = FALSE; ++ + goto DATA_BDAT; + } + + case DATA_CMD: + HAD(SCH_DATA); ++ dot_ends = TRUE; + + DATA_BDAT: /* Common code for DATA and BDAT */ + if (!discarded && recipients_count <= 0) +-- +1.9.1 + |