git://git.exim.org / exim.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 9f06dcd)
SECURITY: default recipients_max to 50,000
authorPhil Pennock <phil+git@pennock-tech.com>
Fri, 30 Oct 2020 01:38:25 +0000 (21:38 -0400)
committerHeiko Schlittermann (HS12-RIPE) <hs@schlittermann.de>
Tue, 27 Apr 2021 22:40:23 +0000 (00:40 +0200)
A default of "unlimited" can have unfortunate consequences when people start
putting many millions of recipients on a message.

(cherry picked from commit 1d7780722a66cea8da5fa4ae0775e85d185fbf7e)

doc/doc-docbook/spec.xfpt patch | blob | history
doc/doc-txt/ChangeLog patch | blob | history
doc/doc-txt/OptionLists.txt patch | blob | history
src/src/globals.c patch | blob | history

diff --git a/doc/doc-docbook/spec.xfpt b/doc/doc-docbook/spec.xfpt
index 44687112556387182ed87aeb31f2bc968ecc84f1..9c66f5cc9d9162c20095f24e3af90885db7bca35 100644 (file)
--- a/doc/doc-docbook/spec.xfpt
+++ b/doc/doc-docbook/spec.xfpt
@@ -17200,7 +17200,7 @@ or if the message was submitted locally (not using TCP/IP), and the &%-bnq%&
 option was not set.
 
 
-.option recipients_max main integer 0
+.option recipients_max main integer 50000
 .cindex "limit" "number of recipients"
 .cindex "recipient" "maximum number"
 If this option is set greater than zero, it specifies the maximum number of
diff --git a/doc/doc-txt/ChangeLog b/doc/doc-txt/ChangeLog
index b6d5067ec19610af3c0b4875048c7cdfbb4af962..055b1ace82d1575b371eb65de6447c0d6691fc35 100644 (file)
--- a/doc/doc-txt/ChangeLog
+++ b/doc/doc-txt/ChangeLog
@@ -189,6 +189,8 @@ PP/06 Fix CVE-2020-28016 (PFPZA): Heap out-of-bounds write in parse_fix_phrase()
 PP/07 Refuse to allocate too little memory, block negative/zero allocations.
       Security guard.
 
+PP/08 Change default for recipients_max from unlimited to 50,000.
+
 
 Exim version 4.94
 -----------------
diff --git a/doc/doc-txt/OptionLists.txt b/doc/doc-txt/OptionLists.txt
index 8b2dee352806369f46e9cc711e38abaa38a62883..99e87067aa1ce9185c175f5b837e2972e6714da5 100644 (file)
--- a/doc/doc-txt/OptionLists.txt
+++ b/doc/doc-txt/OptionLists.txt
@@ -464,7 +464,7 @@ receive_timeout                      time            0s            main
 received_header_text                 string*         +             main
 received_headers_max                 integer         30            main
 recipient_unqualified_hosts          host list       unset         main              4.00 replacing receiver_unqualified_hosts
-recipients_max                       integer         0             main              1.60
+recipients_max                       integer         50000         main              1.60 default changed in 4.95 (was 0)
 recipients_max_reject                boolean         false         main              1.70
 redirect_router                      string          unset         routers           4.00
 remote_max_parallel                  integer         1             main
diff --git a/src/src/globals.c b/src/src/globals.c
index c34ac9dddc91a9a96895eecdc3c3b4bfa6e028cb..532eed27fe5edc100b1d3d9a8409fddac69c0427 100644 (file)
--- a/src/src/globals.c
+++ b/src/src/globals.c
@@ -1272,7 +1272,7 @@ uschar *recipient_verify_failure = NULL;
 int     recipients_count       = 0;
 recipient_item  *recipients_list = NULL;
 int     recipients_list_max    = 0;
-int     recipients_max         = 0;
+int     recipients_max         = 50000;
 const pcre *regex_AUTH         = NULL;
 const pcre *regex_check_dns_names = NULL;
 const pcre *regex_From         = NULL;
Master Exim source repository