From: Todd Lyons Date: Fri, 18 Jul 2014 18:42:08 +0000 (-0700) Subject: Documentation/Tests for CVE-2014-2972 fix X-Git-Tag: exim-4_83^0 X-Git-Url: https://git.exim.org/exim.git/commitdiff_plain/0de7239e563eff6e83c3e72d7deb9fd26a54a3a7?ds=sidebyside Documentation/Tests for CVE-2014-2972 fix --- diff --git a/doc/doc-txt/ChangeLog b/doc/doc-txt/ChangeLog index 770b106a5..61086c7e2 100644 --- a/doc/doc-txt/ChangeLog +++ b/doc/doc-txt/ChangeLog @@ -150,6 +150,10 @@ PP/02 Fix internal collision of T_APL on systems which support RFC3123 JH/28 Fix parsing of MIME headers for parameters with quoted semicolons. +TL/15 SECURITY: prevent double expansion in math comparison functions + (can expand unsanitized data). Not remotely exploitable. + CVE-2014-2972 + Exim version 4.82 ----------------- diff --git a/test/aux-fixed/0002.lsearch b/test/aux-fixed/0002.lsearch index dcf198b70..5cd6b1aa0 100644 --- a/test/aux-fixed/0002.lsearch +++ b/test/aux-fixed/0002.lsearch @@ -1,2 +1,3 @@ ten-1.test.ex 10.0.0.2 +trick: ${substr_2_2:65535} diff --git a/test/scripts/0000-Basic/0002 b/test/scripts/0000-Basic/0002 index 7b6c34b3e..51dc6ae48 100644 --- a/test/scripts/0000-Basic/0002 +++ b/test/scripts/0000-Basic/0002 @@ -331,6 +331,7 @@ mask: ${if eq {1}{2}{${mask:invalid}}{NO}} 5>3m: ${if >{5 } {3m }{y}{n}} 5>3z: ${if >{5 } {3z }{y}{n}} 5>a: ${if >{ 5 } {a}{y}{n}} +5>bad: ${if >{5 } {${lookup{trick}lsearch{DIR/aux-fixed/0002.lsearch}}} {y}{n}} >0: ${if > {}{0}{y}{n}} =: ${if = {}{}{y}{n}} diff --git a/test/stdout/0002 b/test/stdout/0002 index 64e571944..7200bf3a7 100644 --- a/test/stdout/0002 +++ b/test/stdout/0002 @@ -304,6 +304,7 @@ > 5>3m: n > Failed: invalid integer "3z " > Failed: integer expected but "a" found +> Failed: integer expected but "${substr_2_2:65535}" found > > >0: n > =: y