[exim/el6] Backported fix for CVE-2012-5671

Jaroslav Škarvada jskarvad at fedoraproject.org
Fri Oct 26 09:15:42 UTC 2012


commit 4367a40e334c3361cc4a6cca5a64e8008a7ce33f
Author: Jaroslav Škarvada <jskarvad at redhat.com>
Date:   Fri Oct 26 11:15:38 2012 +0200

    Backported fix for CVE-2012-5671
    
      Resolves: CVE-2012-5671

 exim-4.72-CVE-2012-5671.patch |   25 +++++++++++++++++++++++++
 exim.spec                     |   10 ++++++++--
 2 files changed, 33 insertions(+), 2 deletions(-)
---
diff --git a/exim-4.72-CVE-2012-5671.patch b/exim-4.72-CVE-2012-5671.patch
new file mode 100644
index 0000000..9687101
--- /dev/null
+++ b/exim-4.72-CVE-2012-5671.patch
@@ -0,0 +1,25 @@
+--- a/src/dkim.c	
++++ a/src/dkim.c	
+@@ -42,6 +42,9 @@ int dkim_exim_query_dns_txt(char *name, char *answer) {
+                "%.*s", (int)len, (char *)((rr->data)+rr_offset));
+       rr_offset+=len;
+       answer_offset+=len;
++      if (answer_offset >= PDKIM_DNS_TXT_MAX_RECLEN) {
++        return PDKIM_FAIL;
++      }
+     }
+   }
+   else return PDKIM_FAIL;
+--- a/src/pdkim/pdkim.h	
++++ a/src/pdkim/pdkim.h	
+@@ -27,8 +27,8 @@ 
+ 
+ /* -------------------------------------------------------------------------- */
+ /* Length of the preallocated buffer for the "answer" from the dns/txt
+-   callback function. */
+-#define PDKIM_DNS_TXT_MAX_RECLEN    4096
++   callback function. This should match the maximum RDLENGTH from DNS. */
++#define PDKIM_DNS_TXT_MAX_RECLEN    (1 << 16)
+ 
+ /* -------------------------------------------------------------------------- */
+ /* Function success / error codes */
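Review bot: The guard added in `dkim_exim_query_dns_txt` compares `answer_offset` with `PDKIM_DNS_TXT_MAX_RECLEN`, but the function receives `answer` as a bare `char *` with no length, so the check is only sound if every caller passes a buffer of exactly that many bytes, and nothing in the hunk says so. I would add a comment above the new `if`, for example `/* answer is PDKIM_DNS_TXT_MAX_RECLEN bytes (see pdkim.h); fail before the next chunk would be written past its end */`. The check also runs after the `snprintf` and the offset update, so it relies on the size argument of that `snprintf` call being bounded for the current iteration; the call starts above the hunk, so this cannot be confirmed from here. Raising the macro to `(1 << 16)` makes every buffer sized by it 64 KiB, so it is worth confirming that none of them is a stack array; the allocation site is not visible here.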
diff --git a/exim.spec b/exim.spec
index 8f492a5..1d2f60e 100644
--- a/exim.spec
+++ b/exim.spec
@@ -12,7 +12,7 @@
 Summary: The exim mail transfer agent
 Name: exim
 Version: 4.72
-Release: 2%{?dist}
+Release: 3%{?dist}
 License: GPLv2+
 Url: http://www.exim.org/
 Group: System Environment/Daemons
@@ -61,7 +61,7 @@ Patch36: exim-4.72-0006-CVE-2010-4345.patch
 Patch37: exim-4.72-0007-CVE-2010-4345.patch
 Patch38: exim-4.72-0008-CVE-2010-4345.patch
 Patch39: exim-4.72-0009-CVE-2010-4345.patch
-
+Patch40: exim-4.72-CVE-2012-5671.patch
 
 Requires: /etc/pki/tls/certs /etc/pki/tls/private
 Requires: /etc/aliases
@@ -203,6 +203,8 @@ greylisting unconditional.
 %patch38 -p2 -b .0008
 %patch39 -p2 -b .0009
 
+%patch40 -p1 -b .CVE-2012-5671
+
 cp src/EDITME Local/Makefile
 sed -i 's@^# LOOKUP_MODULE_DIR=.*@LOOKUP_MODULE_DIR=%{_libdir}/exim/%{version}-%{release}/lookups@' Local/Makefile
 sed -i 's@^# AUTH_LIBS=-lsasl2 at AUTH_LIBS=-lsasl2@' Local/Makefile
@@ -521,6 +523,10 @@ test "$1"  = 0 || %{_initrddir}/clamd.exim condrestart >/dev/null || :
 %{_sysconfdir}/cron.daily/greylist-tidy.sh
 
 %changelog
+* Thu Oct 25 2012 Jaroslav Škarvada <jskarvad at redhat.com> - 4.72-3
+- Backported fix for CVE-2012-5671
+  Resolves: CVE-2012-5671
+
 * Wed May 18 2011 Mark Chappell <tremble at tremble.org.uk> 4.72-2
 - Backport various security fixes 
 - (CVE-2011-1407 CVE-2011-0017 CVE-2010-4345)

