[ssmtp/el5/master] * Tue Jul 27 2010 Manuel "lonely wolf" Wolfshant <wolfy at fedoraproject.org> - 2.61-15 - fix regressio
Manuel Wolfshant
wolfy at fedoraproject.org
Fri Jul 30 06:59:35 UTC 2010
commit d2093f1f229f142d8527306ee6037851a8f2c620
Author: Manuel Wolfshant <wolfy at fedoraproject.org>
Date: Fri Jul 30 09:59:29 2010 +0300
* Tue Jul 27 2010 Manuel "lonely wolf" Wolfshant <wolfy at fedoraproject.org> - 2.61-15
- fix regression created by the patch for standardise() -- Buffer overflow
ssmtp-standardise.patch | 115 +++++++++++++++++++++++++++--------------------
ssmtp.spec | 5 ++-
2 files changed, 70 insertions(+), 50 deletions(-)
---
diff --git a/ssmtp-standardise.patch b/ssmtp-standardise.patch
index 6ffcec5..e6ea2c3 100644
--- a/ssmtp-standardise.patch
+++ b/ssmtp-standardise.patch
@@ -1,7 +1,6 @@
-diff -up ssmtp-2.61/ssmtp.c.orig ssmtp-2.61/ssmtp.c
---- ssmtp-2.61/ssmtp.c.orig 2010-04-20 02:35:29.787660523 +0300
-+++ ssmtp-2.61/ssmtp.c 2010-04-20 02:49:49.010048173 +0300
-@@ -351,28 +351,26 @@ char *append_domain(char *str)
+--- ssmtp-2.61/ssmtp.c 2010-07-27 11:07:30.168848495 +0300
++++ /tmp/ssmtp.c 2010-07-27 11:23:57.638733007 +0300
+@@ -351,28 +351,27 @@ char *append_domain(char *str)
/*
standardise() -- Trim off '\n's and double leading dots
*/
@@ -10,7 +9,7 @@ diff -up ssmtp-2.61/ssmtp.c.orig ssmtp-2.61/ssmtp.c
{
size_t sl;
char *p;
--
+
- if((p = strchr(str, '\n'))) {
- *p = (char)NULL;
- }
@@ -18,31 +17,30 @@ diff -up ssmtp-2.61/ssmtp.c.orig ssmtp-2.61/ssmtp.c
/* Any line beginning with a dot has an additional dot inserted;
- not just a line consisting solely of a dot. Thus we have to slide
-- the buffer down one */
-- sl = strlen(str);
+ not just a line consisting solely of a dot. Thus we have to move
-+ the buffer start up one */
+ the buffer down one */
+- sl = strlen(str);
- if(*str == '.') {
- if((sl + 2) > BUF_SZ) {
- die("standardise() -- Buffer overflow");
- }
- (void)memmove((str + 1), str, (sl + 1)); /* Copy trailing \0 */
-+ if(*linestart && *str == '.') {
-+ leadingdot = True;
-+ }
-+ *linestart = False;
++ if(*linestart && *str == '.') {
++ leadingdot = True;
++ }
++ *linestart = False;
++ if((p = strchr(str, '\n'))) {
++ *p = (char)NULL;
++ *linestart = True;
- *str = '.';
-+ if((p = strchr(str, '\n'))) {
-+ *p = (char)NULL;
-+ *linestart = True;
}
+ return(leadingdot);
}
/*
-@@ -1417,12 +1415,12 @@ smtp_write() -- A printf to an fd and ap
+@@ -1417,12 +1416,12 @@ smtp_write() -- A printf to an fd and ap
*/
ssize_t smtp_write(int fd, char *format, ...)
{
@@ -57,7 +55,7 @@ diff -up ssmtp-2.61/ssmtp.c.orig ssmtp-2.61/ssmtp.c
die("smtp_write() -- vsnprintf() failed");
}
va_end(ap);
-@@ -1460,16 +1458,18 @@ ssmtp() -- send the message (exactly one
+@@ -1460,16 +1459,18 @@ ssmtp() -- send the message (exactly one
*/
int ssmtp(char *argv[])
{
@@ -70,7 +68,7 @@ diff -up ssmtp-2.61/ssmtp.c.orig ssmtp-2.61/ssmtp.c
int i, sock;
uid_t uid;
- bool_t minus_v_save;
-+ bool_t minus_v_save, leadingdot, linestart = True;
++ bool_t minus_v_save, leadingdot, linestart = True;;
int timeout = 0;
+ int bufsize = sizeof(b)-1;
@@ -78,7 +76,7 @@ diff -up ssmtp-2.61/ssmtp.c.orig ssmtp-2.61/ssmtp.c
outbytes = 0;
ht = &headers;
-@@ -1552,12 +1552,12 @@ int ssmtp(char *argv[])
+@@ -1552,12 +1553,12 @@ int ssmtp(char *argv[])
}
strncpy(challenge, strchr(buf,' ') + 1, sizeof(challenge));
@@ -93,7 +91,7 @@ diff -up ssmtp-2.61/ssmtp.c.orig ssmtp-2.61/ssmtp.c
to64frombits(buf, auth_user, strlen(auth_user));
if (use_oldauth) {
outbytes += smtp_write(sock, "AUTH LOGIN %s", buf);
-@@ -1569,7 +1569,7 @@ int ssmtp(char *argv[])
+@@ -1569,7 +1570,7 @@ int ssmtp(char *argv[])
die("Server didn't like our AUTH LOGIN (%s)", buf);
}
/* we assume server asked us for Username */
@@ -102,7 +100,7 @@ diff -up ssmtp-2.61/ssmtp.c.orig ssmtp-2.61/ssmtp.c
to64frombits(buf, auth_user, strlen(auth_user));
outbytes += smtp_write(sock, buf);
}
-@@ -1578,7 +1578,7 @@ int ssmtp(char *argv[])
+@@ -1578,7 +1579,7 @@ int ssmtp(char *argv[])
if(smtp_read(sock, buf) != 3) {
die("Server didn't accept AUTH LOGIN (%s)", buf);
}
@@ -111,41 +109,60 @@ diff -up ssmtp-2.61/ssmtp.c.orig ssmtp-2.61/ssmtp.c
to64frombits(buf, auth_pass, strlen(auth_pass));
#ifdef MD5AUTH
-@@ -1689,7 +1689,7 @@ int ssmtp(char *argv[])
+@@ -1687,28 +1688,41 @@ int ssmtp(char *argv[])
+ stdio functions like fgets in the first place */
+ fcntl(STDIN_FILENO,F_SETFL,O_NONBLOCK);
- /* don't hang forever when reading from stdin */
- while(!feof(stdin) && timeout < MEDWAIT) {
+- /* don't hang forever when reading from stdin */
+- while(!feof(stdin) && timeout < MEDWAIT) {
- if (!fgets(buf, sizeof(buf), stdin)) {
-+ if (!fgets(buf, bufsize, stdin)) {
- /* if nothing was received, then no transmission
- * over smtp should be done */
- sleep(1);
-@@ -1697,12 +1697,25 @@ int ssmtp(char *argv[])
- continue;
+- /* if nothing was received, then no transmission
+- * over smtp should be done */
+- sleep(1);
+- timeout++;
+- continue;
++ while(!feof(stdin)) {
++ if (!fgets(buf, bufsize, stdin)) {
++ /* if nothing was received, then no transmission
++ * over smtp should be done */
++ sleep(1);
++ /* don't hang forever when reading from stdin */
++ if (++timeout >= MEDWAIT) {
++ log_event(LOG_ERR, "killed: timeout on stdin while reading body -- message saved to dead.letter.");
++ die("Timeout on stdin while reading body");
++ }
++ continue;
}
/* Trim off \n, double leading .'s */
- standardise(buf);
--
++ leadingdot = standardise(buf, &linestart);
+
- outbytes += smtp_write(sock, "%s", buf);
-+ leadingdot = standardise(buf, &linestart);
++ if (linestart || feof(stdin)) {
++ linestart = True;
++ outbytes += smtp_write(sock, "%s", leadingdot ? b : buf);
++ } else {
++ if (log_level > 0) {
++ log_event(LOG_INFO, "Sent a very long line in chunks");
++ }
++ if (leadingdot) {
++ outbytes += fd_puts(sock, b, sizeof(b));
++ } else {
++ outbytes += fd_puts(sock, buf, bufsize);
++ }
++ }
-+ if (linestart) {
-+ outbytes += smtp_write(sock, "%s", leadingdot ? b : buf);
-+ } else {
-+ if (log_level > 0) {
-+ log_event(LOG_INFO, "Sent a very long line in chunks");
-+ }
-+ if (leadingdot) {
-+ outbytes += fd_puts(sock, b, sizeof(b));
-+ } else {
-+ outbytes += fd_puts(sock, buf, bufsize);
-+ }
-+ }
(void)alarm((unsigned) MEDWAIT);
}
-+ if(feof(stdin) && !linestart) {
-+ smtp_write(sock, "");
-+ }
- /* End of body */
+- /* End of body */
+-
+- if (timeout >= MEDWAIT) {
+- log_event(LOG_ERR, "killed: timeout on stdin while reading body -- message saved to dead.letter.");
+- die("Timeout on stdin while reading body");
++ if(!linestart) {
++ smtp_write(sock, "");
+ }
++ /* End of body */
- if (timeout >= MEDWAIT) {
+ outbytes += smtp_write(sock, ".");
+ (void)alarm((unsigned) MAXWAIT);
diff --git a/ssmtp.spec b/ssmtp.spec
index 477f5b5..b106f48 100644
--- a/ssmtp.spec
+++ b/ssmtp.spec
@@ -1,6 +1,6 @@
Name: ssmtp
Version: 2.61
-Release: 14%{?dist}
+Release: 15%{?dist}
Summary: Extremely simple MTA to get mail off the system to a Mailhub
Group: Applications/Internet
License: GPLv2+
@@ -153,6 +153,9 @@ fi
%changelog
+* Tue Jul 27 2010 Manuel "lonely wolf" Wolfshant <wolfy at fedoraproject.org> - 2.61-15
+- fix regression created by the patch for standardise() -- Buffer overflow
+
* Tue Apr 20 2010 Manuel "lonely wolf" Wolfshant <wolfy at fedoraproject.org> 2.61-14
- use Fedora's default TLS cert path (close #553734)
- add Debian's patch for "send-mail: standardise() -- Buffer overflow"
More information about the scm-commits
mailing list