Sam, I believe I've found and corrected a heap corruption bug in
couriertls. I installed a new mail server for a client yesterday and
found that the logs were recording a glibc-detected heap corruption in
gnutls. I spent a few hours debugging, and I think I've got it
resolved. After applying the attached patch, I no longer see crashes in
that installation.
This patch is made against 0.68.2, since all of my servers are CentOS 6
and include gnutls 2.8.5. I'd really rather not maintain my own builds
of gnutls 3, so I'll be sticking with 0.68.2 for the time being. The
bug looks like it's still present in 0.69.1, and the same one-line
change should apply there.
--- courier-0.68.2/tcpd/libcouriergnutls.c.orig 2013-01-12 11:56:07.885057583 -0800
+++ courier-0.68.2/tcpd/libcouriergnutls.c 2013-01-12 11:57:03.536075913 -0800
@@ -1238,7 +1238,7 @@
vhost_max_size=vhost_size;
}
- vhost_buf=malloc(vhost_size);
+ vhost_buf=malloc(vhost_max_size);
if (!vhost_buf)
return GNUTLS_E_MEMORY_ERROR;
--
Master Visual Studio, SharePoint, SQL, ASP.NET, C# 2012, HTML5, CSS,
MVC, Windows 8 Apps, JavaScript and much more. Keep your skills current
with LearnDevNow - 3,200 step-by-step video tutorials by Microsoft
MVPs and experts. SALE $99.99 this month only -- learn more at:
http://p.sf.net/sfu/learnmore_122912___
courier-users mailing list
courier-users@lists.sourceforge.net
Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users