CVE-2012-5671
malloc/heap overflow, with a 60kB window of overwrite.
Requires DNS under control of person sending email, leaves plenty of
evidence, but is very likely exploitable on OSes that have not been
well hardened.
Change log file for Exim from version 4.21
-------------------------------------------
+Exim version 4.80.1
+-------------------
+
+PP/01 SECURITY: protect DKIM DNS decoding from remote exploit.
+ CVE-2012-5671
+ This, or similar/improved, will also be change PP/11 of 4.81.
+
+
Exim version 4.80
-----------------
"%.*s", (int)len, (char *)((rr->data)+rr_offset));
rr_offset+=len;
answer_offset+=len;
+ if (answer_offset >= PDKIM_DNS_TXT_MAX_RECLEN) {
+ return PDKIM_FAIL;
+ }
}
}
else return PDKIM_FAIL;
/* -------------------------------------------------------------------------- */
/* Length of the preallocated buffer for the "answer" from the dns/txt
- callback function. */
-#define PDKIM_DNS_TXT_MAX_RECLEN 4096
+ callback function. This should match the maximum RDLENGTH from DNS. */
+#define PDKIM_DNS_TXT_MAX_RECLEN (1 << 16)
/* -------------------------------------------------------------------------- */
/* Function success / error codes */
git://git.exim.org / exim.git / commitdiff