aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorGregory Neil Shapiro <gshapiro@FreeBSD.org>2003-03-29 20:13:35 +0000
committerGregory Neil Shapiro <gshapiro@FreeBSD.org>2003-03-29 20:13:35 +0000
commit47f428492dd02c02323c856afad58f5c2eda999d (patch)
tree158bce05b1596e3a9297dc649f753e43e880bab9
parente71c20063f8983f9a6aa22426a32f7d6825c635e (diff)
downloadsrc-47f428492dd02c02323c856afad58f5c2eda999d.tar.gz
src-47f428492dd02c02323c856afad58f5c2eda999d.zip
sendmail parsing buffer overflow fix
Advisory number to be filled in later Approved by: so (nectar)
Notes
Notes: svn path=/releng/4.3/; revision=112818
-rw-r--r--UPDATING3
-rw-r--r--contrib/sendmail/src/conf.c2
-rw-r--r--contrib/sendmail/src/parseaddr.c15
-rw-r--r--contrib/sendmail/src/version.c2
-rw-r--r--sys/conf/newvers.sh2
5 files changed, 20 insertions, 4 deletions
diff --git a/UPDATING b/UPDATING
index bd393586acfb..40bf4958f968 100644
--- a/UPDATING
+++ b/UPDATING
@@ -16,6 +16,9 @@ minimal number of processes, if possible, for that patch. For those
updates that don't have an advisory, or to be safe, you can do a full
build and install as described in the COMMON ITEMS section.
+20030329: p32 FreeBSD-SA-03:??.sendmail
+ sendmail address parsing buffer overflow.
+
20030303: p31 FreeBSD-SA-03:04.sendmail
sendmail header parsing buffer overflow, ident parsing bug.
diff --git a/contrib/sendmail/src/conf.c b/contrib/sendmail/src/conf.c
index ab082f87aad7..e352df019054 100644
--- a/contrib/sendmail/src/conf.c
+++ b/contrib/sendmail/src/conf.c
@@ -320,6 +320,8 @@ setdefaults(e)
DontLockReadFiles = TRUE;
DoubleBounceAddr = "postmaster";
MaxHeadersLength = MAXHDRSLEN;
+ MaxMimeHeaderLength = MAXLINE;
+ MaxMimeFieldLength = MaxMimeHeaderLength / 2;
MaxForwardEntries = 0;
#if SASL
AuthMechanisms = newstr(AUTH_MECHANISMS);
diff --git a/contrib/sendmail/src/parseaddr.c b/contrib/sendmail/src/parseaddr.c
index 7bf71dfc3b48..f4cffcf5ef0b 100644
--- a/contrib/sendmail/src/parseaddr.c
+++ b/contrib/sendmail/src/parseaddr.c
@@ -446,7 +446,7 @@ u_char TokTypeNoC[256] =
};
-#define NOCHAR -1 /* signal nothing in lookahead token */
+#define NOCHAR (-1) /* signal nothing in lookahead token */
char **
prescan(addr, delim, pvpbuf, pvpbsize, delimptr, toktab)
@@ -532,6 +532,7 @@ prescan(addr, delim, pvpbuf, pvpbsize, delimptr, toktab)
/* see if there is room */
if (q >= &pvpbuf[pvpbsize - 5])
{
+ addrtoolong:
usrerr("553 5.1.1 Address too long");
if (strlen(addr) > (SIZE_T) MAXNAME)
addr[MAXNAME] = '\0';
@@ -543,11 +544,15 @@ prescan(addr, delim, pvpbuf, pvpbsize, delimptr, toktab)
}
/* squirrel it away */
+#if !ALLOW_255
+ if ((char) c == (char) -1 && !tTd(82, 101))
+ c &= 0x7f;
+#endif /* !ALLOW_255 */
*q++ = c;
}
/* read a new input character */
- c = *p++;
+ c = (*p++) & 0x00ff;
if (c == '\0')
{
/* diagnose and patch up bad syntax */
@@ -602,6 +607,9 @@ prescan(addr, delim, pvpbuf, pvpbsize, delimptr, toktab)
}
else if (c != '!' || state == QST)
{
+ /* see if there is room */
+ if (q >= &pvpbuf[pvpbsize - 5])
+ goto addrtoolong;
*q++ = '\\';
continue;
}
@@ -686,6 +694,9 @@ prescan(addr, delim, pvpbuf, pvpbsize, delimptr, toktab)
/* new token */
if (tok != q)
{
+ /* see if there is room */
+ if (q >= &pvpbuf[pvpbsize - 5])
+ goto addrtoolong;
*q++ = '\0';
if (tTd(22, 36))
{
diff --git a/contrib/sendmail/src/version.c b/contrib/sendmail/src/version.c
index 60a42c673d0d..88fc22af13b5 100644
--- a/contrib/sendmail/src/version.c
+++ b/contrib/sendmail/src/version.c
@@ -15,4 +15,4 @@
static char id[] = "@(#)$Id: version.c,v 8.43.4.30 2001/02/27 19:22:31 gshapiro Exp $";
#endif /* ! lint */
-char Version[] = "8.11.3";
+char Version[] = "8.11.3p2";
diff --git a/sys/conf/newvers.sh b/sys/conf/newvers.sh
index b60ca71900e6..c8ffb32def13 100644
--- a/sys/conf/newvers.sh
+++ b/sys/conf/newvers.sh
@@ -36,7 +36,7 @@
TYPE="FreeBSD"
REVISION="4.3"
-BRANCH="RELEASE-p31"
+BRANCH="RELEASE-p32"
RELEASE="${REVISION}-${BRANCH}"
VERSION="${TYPE} ${RELEASE}"