[exim/f17] Backported fix for CVE-2012-5671

Jaroslav Škarvada jskarvad at fedoraproject.org
Fri Oct 26 08:42:51 UTC 2012 

commit 396c3e87191c6248039bd67b14203a9d82d30d50
Author: Jaroslav Škarvada <jskarvad at redhat.com>
Date:   Fri Oct 26 10:42:47 2012 +0200

    Backported fix for CVE-2012-5671
    
      Resolves: CVE-2012-5671

 exim-4.76-CVE-2012-5671.patch |   25 +++++++++++++++++++++++++
 exim.spec                     |    8 +++++++-
 2 files changed, 32 insertions(+), 1 deletions(-)
---
diff --git a/exim-4.76-CVE-2012-5671.patch b/exim-4.76-CVE-2012-5671.patch
new file mode 100644
index 0000000..9687101
--- /dev/null
+++ b/exim-4.76-CVE-2012-5671.patch
@@ -0,0 +1,25 @@
+--- a/src/dkim.c	
++++ a/src/dkim.c	
+@@ -42,6 +42,9 @@ int dkim_exim_query_dns_txt(char *name, char *answer) {
+                "%.*s", (int)len, (char *)((rr->data)+rr_offset));
+       rr_offset+=len;
+       answer_offset+=len;
++      if (answer_offset >= PDKIM_DNS_TXT_MAX_RECLEN) {
++        return PDKIM_FAIL;
++      }
+     }
+   }
+   else return PDKIM_FAIL;
+--- a/src/pdkim/pdkim.h	
++++ a/src/pdkim/pdkim.h	
+@@ -27,8 +27,8 @@ 
+ 
+ /* -------------------------------------------------------------------------- */
+ /* Length of the preallocated buffer for the "answer" from the dns/txt
+-   callback function. */
+-#define PDKIM_DNS_TXT_MAX_RECLEN    4096
++   callback function. This should match the maximum RDLENGTH from DNS. */
++#define PDKIM_DNS_TXT_MAX_RECLEN    (1 << 16)
+ 
+ /* -------------------------------------------------------------------------- */
+ /* Function success / error codes */
diff --git a/exim.spec b/exim.spec
index 59b606c..dd8fad8 100644
--- a/exim.spec
+++ b/exim.spec
@@ -14,7 +14,7 @@
 Summary: The exim mail transfer agent
 Name: exim
 Version: 4.76
-Release: 8%{?dist}
+Release: 9%{?dist}
 License: GPLv2+
 Url: http://www.exim.org/
 Group: System Environment/Daemons
@@ -63,6 +63,7 @@ Patch22: exim-4.66-greylist-conf.patch
 Patch23: exim-4.67-smarthost-config.patch
 Patch25: exim-4.69-dynlookup-config.patch
 Patch26: exim-4.69-strictaliasing.patch
+Patch27: exim-4.76-CVE-2012-5671.patch
 
 Requires: /etc/pki/tls/certs /etc/pki/tls/private
 Requires: /etc/aliases
@@ -217,6 +218,7 @@ greylisting unconditional.
 %patch23 -p1 -b .smarthost
 %patch25 -p1 -b .dynconfig
 %patch26 -p1 -b .strictaliasing
+%patch27 -p1 -b .CVE-2012-5671
 
 cp src/EDITME Local/Makefile
 sed -i 's@^# LOOKUP_MODULE_DIR=.*@LOOKUP_MODULE_DIR=%{_libdir}/exim/%{version}-%{release}/lookups@' Local/Makefile
@@ -606,6 +608,10 @@ test "$1"  = 0 || %{_initrddir}/clamd.exim condrestart >/dev/null 2>&1 || :
 %{_sysconfdir}/cron.daily/greylist-tidy.sh
 
 %changelog
+* Fri Oct 26 2012 Jaroslav Škarvada <jskarvad at redhat.com> - 4.76-9
+- Backported fix for CVE-2012-5671
+  Resolves: CVE-2012-5671
+
 * Mon Feb  6 2012 Jaroslav Škarvada <jskarvad at redhat.com> - 4.76-8
 - Workarounded wrong SELinux context of /var/log/clamd.exim

More information about the scm-commits mailing list