aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorGregory Neil Shapiro <gshapiro@FreeBSD.org>2003-03-29 20:13:35 +0000
committerGregory Neil Shapiro <gshapiro@FreeBSD.org>2003-03-29 20:13:35 +0000
commita3ffaa9b795fce93022b3b502b1d7c331cc0d412 (patch)
tree0e39fc202e4c6bf7bfbe81975930b40d8d3d1c24
parentf8bf448616afe936884fe770757cc09c5c035312 (diff)
downloadsrc-a3ffaa9b795fce93022b3b502b1d7c331cc0d412.tar.gz
src-a3ffaa9b795fce93022b3b502b1d7c331cc0d412.zip
sendmail parsing buffer overflow fix
Advisory number to be filled in later Approved by: so (nectar)
Notes
Notes: svn path=/releng/5.0/; revision=112818
-rw-r--r--UPDATING3
-rw-r--r--contrib/sendmail/src/conf.c2
-rw-r--r--contrib/sendmail/src/parseaddr.c15
-rw-r--r--contrib/sendmail/src/version.c2
-rw-r--r--sys/conf/newvers.sh2
5 files changed, 20 insertions, 4 deletions
diff --git a/UPDATING b/UPDATING
index b1c9441dca62..d1eccebac0a3 100644
--- a/UPDATING
+++ b/UPDATING
@@ -17,6 +17,9 @@ minimal number of processes, if possible, for that patch. For those
updates that don't have an advisory, or to be safe, you can do a full
build and install as described in the COMMON ITEMS section.
+20030329: p7 FreeBSD-SA-03:??.sendmail
+ sendmail address parsing buffer overflow.
+
20030321: p6 FreeBSD-SA-03:06.openssl
enable RSA blinding by default
fix PKCS #1 v1.5 padding vulnerability
diff --git a/contrib/sendmail/src/conf.c b/contrib/sendmail/src/conf.c
index e97b09d515fe..3f6db15774e1 100644
--- a/contrib/sendmail/src/conf.c
+++ b/contrib/sendmail/src/conf.c
@@ -332,6 +332,8 @@ setdefaults(e)
DontProbeInterfaces = DPI_PROBEALL;
DoubleBounceAddr = "postmaster";
MaxHeadersLength = MAXHDRSLEN;
+ MaxMimeHeaderLength = MAXLINE;
+ MaxMimeFieldLength = MaxMimeHeaderLength / 2;
MaxForwardEntries = 0;
FastSplit = 1;
#if SASL
diff --git a/contrib/sendmail/src/parseaddr.c b/contrib/sendmail/src/parseaddr.c
index 305a789e16e8..ac2576c1a9be 100644
--- a/contrib/sendmail/src/parseaddr.c
+++ b/contrib/sendmail/src/parseaddr.c
@@ -608,7 +608,7 @@ unsigned char TokTypeNoC[256] =
};
-#define NOCHAR -1 /* signal nothing in lookahead token */
+#define NOCHAR (-1) /* signal nothing in lookahead token */
char **
prescan(addr, delim, pvpbuf, pvpbsize, delimptr, toktab)
@@ -694,6 +694,7 @@ prescan(addr, delim, pvpbuf, pvpbsize, delimptr, toktab)
/* see if there is room */
if (q >= &pvpbuf[pvpbsize - 5])
{
+ addrtoolong:
usrerr("553 5.1.1 Address too long");
if (strlen(addr) > MAXNAME)
addr[MAXNAME] = '\0';
@@ -705,11 +706,15 @@ prescan(addr, delim, pvpbuf, pvpbsize, delimptr, toktab)
}
/* squirrel it away */
+#if !ALLOW_255
+ if ((char) c == (char) -1 && !tTd(82, 101))
+ c &= 0x7f;
+#endif /* !ALLOW_255 */
*q++ = c;
}
/* read a new input character */
- c = *p++;
+ c = (*p++) & 0x00ff;
if (c == '\0')
{
/* diagnose and patch up bad syntax */
@@ -764,6 +769,9 @@ prescan(addr, delim, pvpbuf, pvpbsize, delimptr, toktab)
}
else if (c != '!' || state == QST)
{
+ /* see if there is room */
+ if (q >= &pvpbuf[pvpbsize - 5])
+ goto addrtoolong;
*q++ = '\\';
continue;
}
@@ -849,6 +857,9 @@ prescan(addr, delim, pvpbuf, pvpbsize, delimptr, toktab)
/* new token */
if (tok != q)
{
+ /* see if there is room */
+ if (q >= &pvpbuf[pvpbsize - 5])
+ goto addrtoolong;
*q++ = '\0';
if (tTd(22, 36))
{
diff --git a/contrib/sendmail/src/version.c b/contrib/sendmail/src/version.c
index 882233357f83..8a9183f74683 100644
--- a/contrib/sendmail/src/version.c
+++ b/contrib/sendmail/src/version.c
@@ -15,4 +15,4 @@
SM_RCSID("@(#)$Id: version.c,v 8.104.2.5 2002/08/24 16:27:21 ca Exp $")
-char Version[] = "8.12.6";
+char Version[] = "8.12.6p2";
diff --git a/sys/conf/newvers.sh b/sys/conf/newvers.sh
index 0d5d98d8fb02..0f9c00a6e598 100644
--- a/sys/conf/newvers.sh
+++ b/sys/conf/newvers.sh
@@ -36,7 +36,7 @@
TYPE="FreeBSD"
REVISION="5.0"
-BRANCH="RELEASE-p6"
+BRANCH="RELEASE-p7"
RELEASE="${REVISION}-${BRANCH}"
VERSION="${TYPE} ${RELEASE}"