On Tue, Oct 16, 2012 at 05:10:38AM -0600, Eric Faurot wrote: > CVSROOT: /cvs > Module name: src > Changes by: [email protected] 2012/10/16 05:10:38 > > Modified files: > usr.sbin/smtpd : lka_session.c > > Log message: > Prevent a possible buffer overflow in lka_expand_format() that can lead > to a server crash, and let the smtp session fail if that happens. > > spotted by todd@, discussed with eric@ and chl@ > > commited for gilles@ >
To produce the crash, you need access to smtpd.conf or to a ~/.forward that contains the faulty format. It would cause the unprivileged lka process to go kaput and bring the daemon down with it. testers are encouraged to update and run our -current as it is still the "stable" version at this point. -- Gilles Chehade https://www.poolp.org @poolpOrg
