diff options
author | Gregory Neil Shapiro <gshapiro@FreeBSD.org> | 2003-03-29 20:13:35 +0000 |
---|---|---|
committer | Gregory Neil Shapiro <gshapiro@FreeBSD.org> | 2003-03-29 20:13:35 +0000 |
commit | 8fc3aa82d855d98a02dfb948d5a296e3f1bac3c7 (patch) | |
tree | 48644a375104f079af864686bf624e887fccc566 | |
parent | 8c25331cdac03a2ebf6549278c58918c0b84e7f1 (diff) | |
download | src-8fc3aa82d855d98a02dfb948d5a296e3f1bac3c7.tar.gz src-8fc3aa82d855d98a02dfb948d5a296e3f1bac3c7.zip |
sendmail parsing buffer overflow fix
Advisory number to be filled in later
Approved by: so (nectar)
Notes
Notes:
svn path=/releng/4.5/; revision=112818
-rw-r--r-- | UPDATING | 3 | ||||
-rw-r--r-- | contrib/sendmail/src/conf.c | 2 | ||||
-rw-r--r-- | contrib/sendmail/src/parseaddr.c | 15 | ||||
-rw-r--r-- | contrib/sendmail/src/version.c | 2 | ||||
-rw-r--r-- | sys/conf/newvers.sh | 2 |
5 files changed, 20 insertions, 4 deletions
@@ -18,6 +18,9 @@ minimal number of processes, if possible, for that patch. For those updates that don't have an advisory, or to be safe, you can do a full build and install as described in the COMMON ITEMS section. +20030329: p26 FreeBSD-SA-03:??.sendmail + sendmail address parsing buffer overflow. + 20030303: p25 FreeBSD-SA-03:04.sendmail sendmail header parsing buffer overflow, ident parsing bug. diff --git a/contrib/sendmail/src/conf.c b/contrib/sendmail/src/conf.c index 04b6f8a0d9ee..d49897cd790c 100644 --- a/contrib/sendmail/src/conf.c +++ b/contrib/sendmail/src/conf.c @@ -320,6 +320,8 @@ setdefaults(e) DontLockReadFiles = TRUE; DoubleBounceAddr = "postmaster"; MaxHeadersLength = MAXHDRSLEN; + MaxMimeHeaderLength = MAXLINE; + MaxMimeFieldLength = MaxMimeHeaderLength / 2; MaxForwardEntries = 0; #if SASL AuthMechanisms = newstr(AUTH_MECHANISMS); diff --git a/contrib/sendmail/src/parseaddr.c b/contrib/sendmail/src/parseaddr.c index 20f27f965948..0f6bf5953ab9 100644 --- a/contrib/sendmail/src/parseaddr.c +++ b/contrib/sendmail/src/parseaddr.c @@ -446,7 +446,7 @@ u_char TokTypeNoC[256] = }; -#define NOCHAR -1 /* signal nothing in lookahead token */ +#define NOCHAR (-1) /* signal nothing in lookahead token */ char ** prescan(addr, delim, pvpbuf, pvpbsize, delimptr, toktab) @@ -532,6 +532,7 @@ prescan(addr, delim, pvpbuf, pvpbsize, delimptr, toktab) /* see if there is room */ if (q >= &pvpbuf[pvpbsize - 5]) { + addrtoolong: usrerr("553 5.1.1 Address too long"); if (strlen(addr) > (SIZE_T) MAXNAME) addr[MAXNAME] = '\0'; @@ -543,11 +544,15 @@ prescan(addr, delim, pvpbuf, pvpbsize, delimptr, toktab) } /* squirrel it away */ +#if !ALLOW_255 + if ((char) c == (char) -1 && !tTd(82, 101)) + c &= 0x7f; +#endif /* !ALLOW_255 */ *q++ = c; } /* read a new input character */ - c = *p++; + c = (*p++) & 0x00ff; if (c == '\0') { /* diagnose and patch up bad syntax */ @@ -602,6 +607,9 @@ prescan(addr, delim, pvpbuf, pvpbsize, delimptr, toktab) } else if (c != '!' || state == QST) { + /* see if there is room */ + if (q >= &pvpbuf[pvpbsize - 5]) + goto addrtoolong; *q++ = '\\'; continue; } @@ -686,6 +694,9 @@ prescan(addr, delim, pvpbuf, pvpbsize, delimptr, toktab) /* new token */ if (tok != q) { + /* see if there is room */ + if (q >= &pvpbuf[pvpbsize - 5]) + goto addrtoolong; *q++ = '\0'; if (tTd(22, 36)) { diff --git a/contrib/sendmail/src/version.c b/contrib/sendmail/src/version.c index ce675c74ceef..fe2b78aed68c 100644 --- a/contrib/sendmail/src/version.c +++ b/contrib/sendmail/src/version.c @@ -15,4 +15,4 @@ static char id[] = "@(#)$Id: version.c,v 8.43.4.39 2001/08/20 14:45:34 gshapiro Exp $"; #endif /* ! lint */ -char Version[] = "8.11.6"; +char Version[] = "8.11.6p2"; diff --git a/sys/conf/newvers.sh b/sys/conf/newvers.sh index 3629758623f3..98bdbe5c96fd 100644 --- a/sys/conf/newvers.sh +++ b/sys/conf/newvers.sh @@ -36,7 +36,7 @@ TYPE="FreeBSD" REVISION="4.5" -BRANCH="RELEASE-p25" +BRANCH="RELEASE-p26" RELEASE="${REVISION}-${BRANCH}" VERSION="${TYPE} ${RELEASE}" |