author | clive <clive@FreeBSD.org> | 2002-11-24 10:46:58 +0000 |
---|---|---|
committer | clive <clive@FreeBSD.org> | 2002-11-24 10:46:58 +0000 |
commit | 46eb436ac0021dde11fdb0402729589eaf6faed5 (patch) | |
tree | 235f0a92ac82f3dc87faed165d4f7fe4d1f0abb3 /mail/nullmailer | |
parent | eedecb1694928a7fc1c91116fd4f3f796a79d569 (diff) | |
Fix a possible denial of service vulnerability.
After this patch, nullmailer no longer stops piping mail out,
even if every one of your mails fails to deliver. Nullmailer
itself keeps handing mail to the smart relay as long as
there is incoming mail, no matter how broken the recipients
of the previous mails are.
Still leave this port in FORBIDDEN state until I address
PR ports/45152
Obtained from: http://www.debian.org/security/2002/dsa-198
Noted by: Volker Stolz <stolz@i2.informatik.rwth-aachen.de>
Diffstat (limited to 'mail/nullmailer')
-rw-r--r-- | mail/nullmailer/files/patch-send.cc | 10 | ||||
-rw-r--r-- | mail/nullmailer/files/patch-sendmail.cc | 11 | ||||
-rw-r--r-- | mail/nullmailer/files/patch-smtp.cc | 14 |
3 files changed, 35 insertions, 0 deletions
diff --git a/mail/nullmailer/files/patch-send.cc b/mail/nullmailer/files/patch-send.cc
index f1e579d..3329b8d 100644
--- a/mail/nullmailer/files/patch-send.cc
+++ b/mail/nullmailer/files/patch-send.cc
@@ -8,3 +8,13 @@
 #include "configio.h"
 #include "defines.h"
 #include "errcodes.h"
+@@ -233,8 +234,7 @@
+ << itoa(files.count()) << " message(s) in queue." << endl;
+ for(rlist::iter remote(remotes); remote; remote++) {
+ for(slist::iter file(files); file; files.remove(file)) {
+- if(!send_one(*file, *remote))
+- break;
++ send_one(*file, *remote);
+ }
+ }
+ fout << "Delivery complete, "
diff --git a/mail/nullmailer/files/patch-sendmail.cc b/mail/nullmailer/files/patch-sendmail.cc
new file mode 100644
index 0000000..2c83bb4
--- /dev/null
+++ b/mail/nullmailer/files/patch-sendmail.cc
@@ -0,0 +1,11 @@
+--- src/sendmail.cc
++++ src/sendmail.cc
+@@ -84,7 +84,7 @@
+ str[varlen] = '=';
+ memcpy(str+varlen+1, val, vallen);
+ str[varlen+vallen+1] = 0;
+- return putenv(str);
++ return putenv(strdup(str));
+ }
+ #endif
+
diff --git a/mail/nullmailer/files/patch-smtp.cc b/mail/nullmailer/files/patch-smtp.cc
new file mode 100644
index 0000000..55a0cfb
--- /dev/null
+++ b/mail/nullmailer/files/patch-smtp.cc
@@ -0,0 +1,14 @@
+--- protocols/smtp.cc
++++ protocols/smtp.cc
+@@ -120,9 +120,8 @@
+ docmd("DATA", 300);
+ mystring tmp;
+ while(msg->getline(tmp)) {
+- if((tmp[0] == '.' && tmp[1] == 0 && !(out << ".")) ||
+- !(out << tmp << "\r\n"))
+- exit(ERR_MSG_WRITE);
++ if(tmp[0] == '.' && !(out << ".")) exit(ERR_MSG_WRITE);
++ if(!(out << tmp << "\r\n")) exit(ERR_MSG_WRITE);
+ }
+ docmd(".", 200);
+ }
|
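Review bot: In the inner loop of the send.cc patch the result of `send_one(*file, *remote)` is now discarded while the loop step `files.remove(file)` still runs for every message, so a message that fails on the first remote leaves the in-memory list and is never offered to the later remotes of the outer loop in this run. That removes the queue-blocking behaviour the commit targets, but it also makes delivery failures invisible to this loop. Consider dropping an entry only on success, e.g. `for(slist::iter file(files); file; ) { if(send_one(*file, *remote)) files.remove(file); else file++; }`, assuming `slist::iter` supports `++` the way `rlist::iter` does on the line above and that `remove` advances the iterator, as its use as the loop step suggests. The enclosing function starts and ends outside the hunk.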
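Review bot: `putenv(strdup(str))` passes the result of `strdup` straight to `putenv`, so an allocation failure hands it a null pointer; check the copy first, e.g. `char* copy = strdup(str); if(!copy) return -1; return putenv(copy);`. The copy is presumably there because POSIX `putenv` keeps the pointer it is given instead of copying the string, which deserves a one-line comment such as `// putenv() keeps this pointer, so pass a heap copy that outlives str`. How `str` is allocated is not visible in the hunk; if it is itself heap-allocated and never freed, the duplicate turns the original into a leak. The function begins outside the hunk.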
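Review bot: The dot-stuffing test `if(tmp[0] == '.' && !(out << ".")) exit(ERR_MSG_WRITE);` carries no comment saying why every leading dot is doubled, so a later edit could narrow it back to the lone-`.` case the old code handled. A comment such as `// SMTP transparency: double a leading '.' so the server does not read the line as end-of-data` above it would document the intent. `tmp[0]` is also read for empty lines, as it was before the change; whether indexing an empty `mystring` is safe is not visible here and should be confirmed. The enclosing function starts outside the hunk.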