diff options
author | salo <salo> | 2006-06-14 21:07:23 +0000 |
---|---|---|
committer | salo <salo> | 2006-06-14 21:07:23 +0000 |
commit | 0656e254edcf54ebabb096b38c6413b0c46d74d5 (patch) | |
tree | 249b93bb565ac3f6d5261c5f2c20f5861c2c6bcd | |
parent | ca20779322dc43066e7e6fe1371d63ea8ad23929 (diff) | |
download | pkgsrc-0656e254edcf54ebabb096b38c6413b0c46d74d5.tar.gz |
Pullup ticket 1701 - requested by adrianp
security fix for sendmail812
Patch provided by the submitter.
Module Name: pkgsrc
Committed By: adrianp
Date: Wed Jun 14 18:57:34 UTC 2006
Modified Files:
pkgsrc/mail/sendmail812: Makefile distinfo
Added Files:
pkgsrc/mail/sendmail812/patches: patch-ah patch-ai patch-aj patch-ak
Log Message:
Bump PKGREVISION.
A malformed MIME structure with many parts can cause sendmail to
crash while trying to send a mail due to a stack overflow,
e.g., if the stack size is limited (ulimit -s). This
happens because the recursion of the function mime8to7()
was not restricted. The function is called for MIME 8 to
7 bit conversion and also to enforce MaxMimeHeaderLength.
To work around this problem, recursive calls are limited to
a depth of MAXMIMENESTING (20); message content after this
limit is treated as opaque and is not checked further.
-rw-r--r-- | mail/sendmail812/Makefile | 4 | ||||
-rw-r--r-- | mail/sendmail812/distinfo | 6 | ||||
-rw-r--r-- | mail/sendmail812/patches/patch-ah | 22 | ||||
-rw-r--r-- | mail/sendmail812/patches/patch-ai | 103 | ||||
-rw-r--r-- | mail/sendmail812/patches/patch-aj | 21 | ||||
-rw-r--r-- | mail/sendmail812/patches/patch-ak | 8 |
6 files changed, 161 insertions, 3 deletions
diff --git a/mail/sendmail812/Makefile b/mail/sendmail812/Makefile index 2849997eb0a..d02a92dca2c 100644 --- a/mail/sendmail812/Makefile +++ b/mail/sendmail812/Makefile @@ -1,10 +1,10 @@ -# $NetBSD: Makefile,v 1.8 2006/03/22 21:19:06 tv Exp $ +# $NetBSD: Makefile,v 1.8.2.1 2006/06/14 21:07:23 salo Exp $ .include "options.mk" .include "../../mail/sendmail812/Makefile.common" PKGNAME= sendmail-${DIST_VERS} -PKGREVISION= 2 +PKGREVISION= 3 COMMENT= The well known Mail Transport Agent CONFLICTS+= postfix-[0-9]* fastforward>=0.51nb2 diff --git a/mail/sendmail812/distinfo b/mail/sendmail812/distinfo index 6a1b3530cb5..a0763147199 100644 --- a/mail/sendmail812/distinfo +++ b/mail/sendmail812/distinfo @@ -1,4 +1,4 @@ -$NetBSD: distinfo,v 1.4 2006/03/22 21:19:06 tv Exp $ +$NetBSD: distinfo,v 1.4.2.1 2006/06/14 21:07:23 salo Exp $ SHA1 (sendmail.8.12.11.tar.gz) = ce1ba0e50740c548f8555f1a905d8514e6637f95 RMD160 (sendmail.8.12.11.tar.gz) = a80ceccbe3425ea01ce6cb89f2226f83b3562b64 @@ -13,3 +13,7 @@ SHA1 (patch-ad) = 7232cc7ceb46a2dbf631d61185e4c6ca4af18a13 SHA1 (patch-ae) = ae06caa125fe4d4fc85123dc0a5d0016cd099ebd SHA1 (patch-af) = d26481845328adad6d46fdf797785ec2ad003e28 SHA1 (patch-ag) = 4e84e709338eecc0dc14a6df42d8071fee1938a3 +SHA1 (patch-ah) = b876e92147bce47fee5f77106c2a1b281fac743f +SHA1 (patch-ai) = d17bc0a551fa5efd59f4822ca59049e166e59d86 +SHA1 (patch-aj) = 6901b3efacf02ba5f71fbfb6056b1eced9d4c037 +SHA1 (patch-ak) = 12e2d44366920ee3c5f697d0e2f15fcd02d2d64f diff --git a/mail/sendmail812/patches/patch-ah b/mail/sendmail812/patches/patch-ah new file mode 100644 index 00000000000..9b829c3e651 --- /dev/null +++ b/mail/sendmail812/patches/patch-ah @@ -0,0 +1,22 @@ +$NetBSD: patch-ah,v 1.1.2.2 2006/06/14 21:07:23 salo Exp $ + +--- sendmail/deliver.c.orig 2006-06-13 21:35:58.000000000 +0100 ++++ sendmail/deliver.c +@@ -4566,7 +4566,7 @@ putbody(mci, e, separator) + /* now do the hard work */ + boundaries[0] = NULL; + mci->mci_flags |= MCIF_INHEADER; +- if (mime8to7(mci, e->e_header, e, boundaries, M87F_OUTER) == ++ if (mime8to7(mci, e->e_header, e, boundaries, M87F_OUTER, 0) == + SM_IO_EOF) + goto writeerr; + } +@@ -4597,7 +4597,7 @@ putbody(mci, e, separator) + SuprErrs = true; + + if (mime8to7(mci, e->e_header, e, boundaries, +- M87F_OUTER|M87F_NO8TO7) == SM_IO_EOF) ++ M87F_OUTER|M87F_NO8TO7, 0) == SM_IO_EOF) + goto writeerr; + + /* restore SuprErrs */ diff --git a/mail/sendmail812/patches/patch-ai b/mail/sendmail812/patches/patch-ai new file mode 100644 index 00000000000..32d617f1a7d --- /dev/null +++ b/mail/sendmail812/patches/patch-ai @@ -0,0 +1,103 @@ +$NetBSD: patch-ai,v 1.1.2.2 2006/06/14 21:07:23 salo Exp $ + +--- sendmail/mime.c.orig 2006-06-13 21:35:58.000000000 +0100 ++++ sendmail/mime.c +@@ -80,6 +80,7 @@ static bool MapNLtoCRLF; + ** boundaries -- the currently pending message boundaries. + ** NULL if we are processing the outer portion. + ** flags -- to tweak processing. ++** level -- recursion level. + ** + ** Returns: + ** An indicator of what terminated the message part: +@@ -96,12 +97,13 @@ struct args + }; + + int +-mime8to7(mci, header, e, boundaries, flags) ++mime8to7(mci, header, e, boundaries, flags, level) + register MCI *mci; + HDR *header; + register ENVELOPE *e; + char **boundaries; + int flags; ++ int level; + { + register char *p; + int linelen; +@@ -122,6 +124,18 @@ mime8to7(mci, header, e, boundaries, fla + char pvpbuf[MAXLINE]; + extern unsigned char MimeTokenTab[256]; + ++ if (level > MAXMIMENESTING) ++ { ++ if (!bitset(EF_TOODEEP, e->e_flags)) ++ { ++ if (tTd(43, 4)) ++ sm_dprintf("mime8to7: too deep, level=%d\n", ++ level); ++ usrerr("mime8to7: recursion level %d exceeded", ++ level); ++ e->e_flags |= EF_DONT_MIME|EF_TOODEEP; ++ } ++ } + if (tTd(43, 1)) + { + sm_dprintf("mime8to7: flags = %x, boundaries =", flags); +@@ -242,7 +256,9 @@ mime8to7(mci, header, e, boundaries, fla + */ + + if (sm_strcasecmp(type, "multipart") == 0 && +- (!bitset(M87F_NO8BIT, flags) || bitset(M87F_NO8TO7, flags))) ++ (!bitset(M87F_NO8BIT, flags) || bitset(M87F_NO8TO7, flags)) && ++ !bitset(EF_TOODEEP, e->e_flags) ++ ) + { + + if (sm_strcasecmp(subtype, "digest") == 0) +@@ -286,10 +302,13 @@ mime8to7(mci, header, e, boundaries, fla + } + if (i >= MAXMIMENESTING) + { +- usrerr("mime8to7: multipart nesting boundary too deep"); ++ if (tTd(43, 4)) ++ sm_dprintf("mime8to7: too deep, i=%d\n", i); ++ if (!bitset(EF_TOODEEP, e->e_flags)) ++ usrerr("mime8to7: multipart nesting boundary too deep"); + + /* avoid bounce loops */ +- e->e_flags |= EF_DONT_MIME; ++ e->e_flags |= EF_DONT_MIME|EF_TOODEEP; + } + else + { +@@ -333,7 +352,8 @@ mime8to7(mci, header, e, boundaries, fla + goto writeerr; + if (tTd(43, 101)) + putline("+++after putheader", mci); +- bt = mime8to7(mci, hdr, e, boundaries, flags); ++ bt = mime8to7(mci, hdr, e, boundaries, flags, ++ level + 1); + if (bt == SM_IO_EOF) + goto writeerr; + } +@@ -374,7 +394,8 @@ mime8to7(mci, header, e, boundaries, fla + + if (sm_strcasecmp(type, "message") == 0) + { +- if (!wordinclass(subtype, 's')) ++ if (!wordinclass(subtype, 's') || ++ bitset(EF_TOODEEP, e->e_flags)) + { + flags |= M87F_NO8BIT; + } +@@ -397,7 +418,8 @@ mime8to7(mci, header, e, boundaries, fla + !bitset(M87F_NO8TO7, flags) && + !putline("MIME-Version: 1.0", mci)) + goto writeerr; +- bt = mime8to7(mci, hdr, e, boundaries, flags); ++ bt = mime8to7(mci, hdr, e, boundaries, flags, ++ level + 1); + mci->mci_flags &= ~MCIF_INMIME; + return bt; + } diff --git a/mail/sendmail812/patches/patch-aj b/mail/sendmail812/patches/patch-aj new file mode 100644 index 00000000000..5e4d82e2987 --- /dev/null +++ b/mail/sendmail812/patches/patch-aj @@ -0,0 +1,21 @@ +$NetBSD: patch-aj,v 1.1.2.2 2006/06/14 21:07:23 salo Exp $ + +--- sendmail/sendmail.h.orig 2006-06-13 21:35:58.000000000 +0100 ++++ sendmail/sendmail.h +@@ -942,6 +942,7 @@ struct envelope + #define EF_TOOBIG 0x02000000L /* message is too big */ + #define EF_SPLIT 0x04000000L /* envelope has been split */ + #define EF_UNSAFE 0x08000000L /* unsafe: read from untrusted source */ ++#define EF_TOODEEP 0x10000000L /* message is nested too deep */ + + #define DLVR_NOTIFY 0x01 + #define DLVR_RETURN 0x02 +@@ -1592,7 +1593,7 @@ EXTERN unsigned long PrivacyFlags; /* pr + + /* functions */ + extern bool mime7to8 __P((MCI *, HDR *, ENVELOPE *)); +-extern int mime8to7 __P((MCI *, HDR *, ENVELOPE *, char **, int)); ++extern int mime8to7 __P((MCI *, HDR *, ENVELOPE *, char **, int, int)); + + /* + ** Flags passed to returntosender. diff --git a/mail/sendmail812/patches/patch-ak b/mail/sendmail812/patches/patch-ak new file mode 100644 index 00000000000..a383fded77d --- /dev/null +++ b/mail/sendmail812/patches/patch-ak @@ -0,0 +1,8 @@ +$NetBSD: patch-ak,v 1.1.2.2 2006/06/14 21:07:23 salo Exp $ + +--- sendmail/version.c.orig 2006-06-14 20:31:43.000000000 +0100 ++++ sendmail/version.c +@@ -17,2 +17,2 @@ SM_RCSID("@(#)$Id: version.c,v 8.104.2.2 + +-char Version[] = "8.12.11.20060308"; ++char Version[] = "8.12.11.20060614"; |