git://git.exim.org / exim.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw (from parent 1: a453e37)
Merge 4.80.1 security fix in.
authorPhil Pennock <pdp@exim.org>
Sat, 27 Oct 2012 00:30:27 +0000 (20:30 -0400)
committerPhil Pennock <pdp@exim.org>
Sat, 27 Oct 2012 00:30:27 +0000 (20:30 -0400)
Merge commit '4263f395efd136dece52d765dfcff3c96f17506e'

Amendment to ChangeLog to handle changes.

doc/doc-txt/ChangeLog patch | blob | history
src/src/dkim.c patch | blob | history
src/src/pdkim/pdkim.h patch | blob | history

diff --git a/doc/doc-txt/ChangeLog b/doc/doc-txt/ChangeLog
index db1c5254c21d9cd5c8d97978d87692a279de0019..8daf3578eacee2a32ad8598742d804e36eb1c32b 100644 (file)
--- a/doc/doc-txt/ChangeLog
+++ b/doc/doc-txt/ChangeLog
@@ -81,6 +81,16 @@ JH/09 Add $headers_added variable, with content from use of ACL modifier
 JH/10 Add 8bitmime log_selector, for 8bitmime status on the received line.
       Pulled from Bugzilla 817 by Wolfgang Breyha.
 
+PP/11 SECURITY: protect DKIM DNS decoding from remote exploit.
+      CVE-2012-5671
+
+
+Exim version 4.80.1
+-------------------
+
+PP/01 SECURITY: protect DKIM DNS decoding from remote exploit.
+      CVE-2012-5671
+      This, or similar/improved, will also be change PP/11 of 4.81.
 
 
 Exim version 4.80
diff --git a/src/src/dkim.c b/src/src/dkim.c
index 87e91dea25ab1c62fd45cf6a65c1bf125d35af6d..05b5fec56e62073f4f5d1d1640ee42d7ca782bad 100644 (file)
--- a/src/src/dkim.c
+++ b/src/src/dkim.c
@@ -42,6 +42,9 @@ int dkim_exim_query_dns_txt(char *name, char *answer) {
                "%.*s", (int)len, (char *)((rr->data)+rr_offset));
       rr_offset+=len;
       answer_offset+=len;
+      if (answer_offset >= PDKIM_DNS_TXT_MAX_RECLEN) {
+        return PDKIM_FAIL;
+      }
     }
   }
   else return PDKIM_FAIL;
diff --git a/src/src/pdkim/pdkim.h b/src/src/pdkim/pdkim.h
index 764cc83be87c510f10f3392f2710d00c6592b3b8..1d364a3c9dd9ad16495615f339484ea0097845ae 100644 (file)
--- a/src/src/pdkim/pdkim.h
+++ b/src/src/pdkim/pdkim.h
@@ -27,8 +27,8 @@
 
 /* -------------------------------------------------------------------------- */
 /* Length of the preallocated buffer for the "answer" from the dns/txt
-   callback function. */
-#define PDKIM_DNS_TXT_MAX_RECLEN    4096
+   callback function. This should match the maximum RDLENGTH from DNS. */
+#define PDKIM_DNS_TXT_MAX_RECLEN    (1 << 16)
 
 /* -------------------------------------------------------------------------- */
 /* Function success / error codes */
Master Exim source repository