This is a patch for the hole documented by Georgi Guninski at http://www.guninski.com/exim1.html


-------- Original Message --------
Subject: Re: [Exim] verify=header_syntax Buffer overflow (CAN-2004-0400)
Date: Thu, 6 May 2004 15:13:54 +0100 (BST)
From: Philip Hazel <[EMAIL PROTECTED]>
Reply-To: [EMAIL PROTECTED]
To: Andreas Metzler <[EMAIL PROTECTED]>
CC: Exim-Users (E-mail) <[EMAIL PROTECTED]>
References: <[EMAIL PROTECTED]> <[EMAIL PROTECTED]>


On Thu, 6 May 2004, Andreas Metzler wrote:

> Afaict the broken code in src/verify.c is completely useless in exim4.
> The header name is copied to hname but the error message is generated
> from h->text and hname is ignored.

Correct. I have just been working on this. Below is my patch. There was some old code that should have been deleted. The patch deletes it.

The bug was provoked by verify=header_syntax in combination with a
header that contained an unqualified local part, and a large amount of
white space between the name and the colon.

--
Philip Hazel            University of Cambridge Computing Service,
[EMAIL PROTECTED]      Cambridge, England. Phone: +44 1223 334714.
Get the Exim 4 book:    http://www.uit.co.uk/exim-book




*** exim-4.33/src/verify.c Wed May 5 11:08:36 2004 --- verify.c Thu May 6 14:36:40 2004 *************** *** 1264,1282 ****

      if (recipient == NULL && Ustrcmp(errmess, "empty address") != 0)
        {
-       uschar hname[64];
-       uschar *t = h->text;
-       uschar *tt = hname;
        uschar *verb = US"is";
        int len;

-       while (*t != ':') *tt++ = *t++;
-       *tt = 0;
-
        /* Arrange not to include any white space at the end in the
        error message. */

-       t = ss;
        while (t > s && isspace(t[-1])) t--;

        /* Add the address which failed to the error message, since in a
--- 1264,1276 ----

      if (recipient == NULL && Ustrcmp(errmess, "empty address") != 0)
        {
        uschar *verb = US"is";
+       uschar *t = ss;
        int len;

        /* Arrange not to include any white space at the end in the
        error message. */

while (t > s && isspace(t[-1])) t--;

/* Add the address which failed to the error message, since in a
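
Review bot: The deletion of `uschar hname[64]` and the `while (*t != ':') *tt++ = *t++;` loop on the old side of this hunk comes with no regression test, so nothing guards against a similar fixed-size copy returning to this block. That loop wrote into a 64-byte stack buffer with no length check and stopped only on ':', and the thread states hname was never read, so removing it rather than bounding it is the right fix. Suggest adding a test case for verify=header_syntax with a header whose span from the start of the name to the colon exceeds 64 bytes, and a one-line comment beside `uschar *t = ss;` saying that t is used only to trim trailing white space back towards s.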

--

## List details at http://www.exim.org/mailman/listinfo/exim-users Exim details at http://www.exim.org/ ##




_______________________________________________
linux-india-help mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/linux-india-help
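
The defect discussed in this thread is an unbounded copy of everything before the colon into a 64-byte stack buffer; the block below shows the same operation in a bounded form. It is an added example, not Exim code and not part of the original message; `copy_header_name` and `HNAME_MAX` are hypothetical names, and the input is assumed to be a NUL-terminated header line.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

#define HNAME_MAX 64  /* same size as the hname[] buffer the patch removes */

/* Copy the header name (text before the first ':' on the first line) into
   out, dropping white space between the name and the colon. Returns the
   name length, or -1 if there is no colon before end of line/string or the
   name does not fit in outsize bytes including the terminator. */
int copy_header_name(const char *text, char *out, size_t outsize)
{
  const char *colon, *end;
  size_t n;

  if (text == NULL || out == NULL || outsize == 0) return -1;
  out[0] = 0;

  /* Stop at ':' but also at CR, LF or NUL, so a header with no colon
     cannot make the scan run off the end of the line. */
  colon = text + strcspn(text, ":\r\n");
  if (*colon != ':') return -1;

  /* Trim the white space that sits between the name and the colon. */
  end = colon;
  while (end > text && isspace((unsigned char)end[-1])) end--;

  n = (size_t)(end - text);
  if (n >= outsize) return -1;   /* refuse instead of writing past out */
  memcpy(out, text, n);
  out[n] = 0;
  return (int)n;
}

int main(void)
{
  char hdr[300], out[HNAME_MAX];

  /* Constructed sample: "To", 200 spaces, then the colon. */
  hdr[0] = 'T'; hdr[1] = 'o';
  memset(hdr + 2, ' ', 200);
  strcpy(hdr + 202, ": user\n");

  printf("len=%d name=\"%s\"\n", copy_header_name(hdr, out, sizeof out), out);
  return 0;
}
```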
