diff options
author | joerg <joerg@pkgsrc.org> | 2006-03-06 22:49:16 +0000 |
---|---|---|
committer | joerg <joerg@pkgsrc.org> | 2006-03-06 22:49:16 +0000 |
commit | 94189713885a800f731b616c459f21463e7503f4 (patch) | |
tree | 879e703084302f73304ced5b1f074ae9dc631fb4 /mail/exim3/patches | |
parent | 5ffc07684739c074075217c8570791c738137e21 (diff) | |
download | pkgsrc-94189713885a800f731b616c459f21463e7503f4.tar.gz |
Fix parsing of IPv6 address possibly result in privilege escalation.
Diffstat (limited to 'mail/exim3/patches')
-rw-r--r-- | mail/exim3/patches/patch-ao | 13 | ||||
-rw-r--r-- | mail/exim3/patches/patch-ap | 24 |
2 files changed, 37 insertions, 0 deletions
diff --git a/mail/exim3/patches/patch-ao b/mail/exim3/patches/patch-ao new file mode 100644 index 00000000000..735d6f43d7b --- /dev/null +++ b/mail/exim3/patches/patch-ao @@ -0,0 +1,13 @@ +$NetBSD: patch-ao,v 1.1 2006/03/06 22:49:16 joerg Exp $ + +--- src/lookups/dnsdb.c.orig 2006-02-14 16:38:38.000000000 +0100 ++++ src/lookups/dnsdb.c +@@ -116,7 +116,7 @@ if (equals != NULL) + /* If the type is PTR, we have to construct the relevant magic lookup + key. */ + +-if (type == T_PTR) ++if (type == T_PTR && string_is_ip_address(keystring, NULL)) + { + char *p = keystring + (int)strlen(keystring); + char *pp = buffer; diff --git a/mail/exim3/patches/patch-ap b/mail/exim3/patches/patch-ap new file mode 100644 index 00000000000..49c700a553f --- /dev/null +++ b/mail/exim3/patches/patch-ap @@ -0,0 +1,24 @@ +$NetBSD: patch-ap,v 1.1 2006/03/06 22:49:16 joerg Exp $ + +--- src/host.c.orig 2006-02-14 16:41:01.000000000 +0100 ++++ src/host.c +@@ -620,12 +620,18 @@ if (strchr(address, ':') != NULL) + + if (*p == ':') p++; + +- /* Split the address into components separated by colons. */ ++ /* Split the address into components separated by colons. The input address ++ is supposed to be checked for syntax. There was a case where this was ++ overlooked; to guard against that happening again, check here and crash if ++ there is a violation. */ + + while (*p != 0) + { + int len = strcspn(p, ":"); + if (len == 0) nulloffset = ci; ++ if (ci > 7) log_write(0, LOG_MAIN|LOG_PANIC_DIE, ++ "Internal error: invalid IPv6 address \"%s\" passed to host_aton()", ++ address); + component[ci++] = p; + p += len; + if (*p == ':') p++; |