Author: pierre Date: Thu Jun 22 08:30:10 2017 New Revision: 3592 Log: Patch exim for CVE-2017-1000369
Added: trunk/exim/exim-4.89-avoid_mem_clash-1.patch
Added: trunk/exim/exim-4.89-avoid_mem_clash-1.patch
==============================================================================
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ trunk/exim/exim-4.89-avoid_mem_clash-1.patch Thu Jun 22 08:30:10 2017 (r3592)
@@ -0,0 +1,45 @@
+Submitted By: Pierre Labastie <pierre.labas...@neuf.fr>
+Date: 2017-06-22
+Initial Package version: 4.89
+Upstream Status: From upstream
+Origin: Upstream repo
+Description: Cleanup (prevent repeated use of -p/-oMr to avoid mem
+ leak). Security fix for CVE-2017-1000369
+
+diff --git a/src/exim.c b/src/src/exim.c
+index 67583e58..88e11977 100644
+--- a/src/exim.c
++++ b/src/exim.c
+@@ -3092,7 +3092,14 @@ for (i = 1; i < argc; i++)
+
+ /* -oMr: Received protocol */
+
+- else if (Ustrcmp(argrest, "Mr") == 0) received_protocol = argv[++i];
++ else if (Ustrcmp(argrest, "Mr") == 0)
++
++ if (received_protocol)
++ {
++ fprintf(stderr, "received_protocol is set already\n");
++ exit(EXIT_FAILURE);
++ }
++ else received_protocol = argv[++i];
+
+ /* -oMs: Set sender host name */
+
+@@ -3188,7 +3195,15 @@ for (i = 1; i < argc; i++)
+
+ if (*argrest != 0)
+ {
+- uschar *hn = Ustrchr(argrest, ':');
++ uschar *hn;
++
++ if (received_protocol)
++ {
++ fprintf(stderr, "received_protocol is set already\n");
++ exit(EXIT_FAILURE);
++ }
++
++ hn = Ustrchr(argrest, ':');
+ if (hn == NULL)
+ {
+ received_protocol = argrest;
-- http://lists.linuxfromscratch.org/listinfo/patches FAQ: http://www.linuxfromscratch.org/blfs/faq.html Unsubscribe: See the above information page
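Review bot: In the first exim.c hunk the new `if (received_protocol) { ... } else received_protocol = argv[++i];` sits unbraced under `else if (Ustrcmp(argrest, "Mr") == 0)`, so the branch that presumably follows (the -oMs case) attaches to the right `if` only through dangling-else binding, which GCC and Clang flag with -Wparentheses / -Wdangling-else; putting `{` after the `else if` line and `}` after the `else received_protocol = argv[++i];` line makes the nesting explicit. Both guards test only whether `received_protocol` is non-NULL, so any earlier assignment of that variable outside these hunks would also trigger the exit; that looks intended for repeated -p/-oMr but should be confirmed against the rest of the option loop, which starts and ends outside the hunks. The embedded patch header is also inconsistent: `diff --git a/src/exim.c b/src/src/exim.c` does not match the `--- a/src/exim.c` / `+++ b/src/exim.c` lines, which stricter appliers such as `git apply` may reject.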