[exim/f17] Backported fix for CVE-2012-5671
Jaroslav Škarvada
jskarvad at fedoraproject.org
Fri Oct 26 08:42:51 UTC 2012
commit 396c3e87191c6248039bd67b14203a9d82d30d50
Author: Jaroslav Škarvada <jskarvad at redhat.com>
Date: Fri Oct 26 10:42:47 2012 +0200
Backported fix for CVE-2012-5671
Resolves: CVE-2012-5671
exim-4.76-CVE-2012-5671.patch | 25 +++++++++++++++++++++++++
exim.spec | 8 +++++++-
2 files changed, 32 insertions(+), 1 deletions(-)
---
diff --git a/exim-4.76-CVE-2012-5671.patch b/exim-4.76-CVE-2012-5671.patch
new file mode 100644
index 0000000..9687101
--- /dev/null
+++ b/exim-4.76-CVE-2012-5671.patch
@@ -0,0 +1,25 @@
+--- a/src/dkim.c
++++ a/src/dkim.c
+@@ -42,6 +42,9 @@ int dkim_exim_query_dns_txt(char *name, char *answer) {
+ "%.*s", (int)len, (char *)((rr->data)+rr_offset));
+ rr_offset+=len;
+ answer_offset+=len;
++ if (answer_offset >= PDKIM_DNS_TXT_MAX_RECLEN) {
++ return PDKIM_FAIL;
++ }
+ }
+ }
+ else return PDKIM_FAIL;
+--- a/src/pdkim/pdkim.h
++++ a/src/pdkim/pdkim.h
+@@ -27,8 +27,8 @@
+
+ /* -------------------------------------------------------------------------- */
+ /* Length of the preallocated buffer for the "answer" from the dns/txt
+- callback function. */
+-#define PDKIM_DNS_TXT_MAX_RECLEN 4096
++ callback function. This should match the maximum RDLENGTH from DNS. */
++#define PDKIM_DNS_TXT_MAX_RECLEN (1 << 16)
+
+ /* -------------------------------------------------------------------------- */
+ /* Function success / error codes */
diff --git a/exim.spec b/exim.spec
index 59b606c..dd8fad8 100644
--- a/exim.spec
+++ b/exim.spec
@@ -14,7 +14,7 @@
Summary: The exim mail transfer agent
Name: exim
Version: 4.76
-Release: 8%{?dist}
+Release: 9%{?dist}
License: GPLv2+
Url: http://www.exim.org/
Group: System Environment/Daemons
@@ -63,6 +63,7 @@ Patch22: exim-4.66-greylist-conf.patch
Patch23: exim-4.67-smarthost-config.patch
Patch25: exim-4.69-dynlookup-config.patch
Patch26: exim-4.69-strictaliasing.patch
+Patch27: exim-4.76-CVE-2012-5671.patch
Requires: /etc/pki/tls/certs /etc/pki/tls/private
Requires: /etc/aliases
@@ -217,6 +218,7 @@ greylisting unconditional.
%patch23 -p1 -b .smarthost
%patch25 -p1 -b .dynconfig
%patch26 -p1 -b .strictaliasing
+%patch27 -p1 -b .CVE-2012-5671
cp src/EDITME Local/Makefile
sed -i 's@^# LOOKUP_MODULE_DIR=.*@LOOKUP_MODULE_DIR=%{_libdir}/exim/%{version}-%{release}/lookups@' Local/Makefile
@@ -606,6 +608,10 @@ test "$1" = 0 || %{_initrddir}/clamd.exim condrestart >/dev/null 2>&1 || :
%{_sysconfdir}/cron.daily/greylist-tidy.sh
%changelog
+* Fri Oct 26 2012 Jaroslav Škarvada <jskarvad at redhat.com> - 4.76-9
+- Backported fix for CVE-2012-5671
+ Resolves: CVE-2012-5671
+
* Mon Feb 6 2012 Jaroslav Škarvada <jskarvad at redhat.com> - 4.76-8
- Workarounded wrong SELinux context of /var/log/clamd.exim
More information about the scm-commits
mailing list