WebSVN - Rev 39 - /branches/lenny/debian/patches/52_compile

#! /bin/sh /usr/share/dpatch/dpatch-run
## 52_compile_bufoverflow.dpatch by Magnus Holmgren <holmgren@debian.org>
##
## DP: Prevent buffer overflows from mechanisms with huge domainspecs.
## DP: As suggested by upstream.

@DPATCH@
diff -urNad lenny~/src/libspf2/spf_compile.c lenny/src/libspf2/spf_compile.c
--- lenny~/src/libspf2/spf_compile.c    2008-11-04 21:51:22.000000000 +0100
+++ lenny/src/libspf2/spf_compile.c     2008-11-04 21:53:22.000000000 +0100
@@ -711,6 +711,9 @@
 
        SPF_errcode_t            err;
 
+       if (strlen(*mech_value) > (sizeof(buf) >> 1))
+               return SPF_E_BIG_MECH;
+
        memset(buf, 'B', sizeof(buf));  /* Poison the buffer. */
        memset(spf_mechanism, 0, sizeof(SPF_mech_t));
 
@@ -858,6 +861,9 @@
 
        SPF_errcode_t            err;
 
+       if (strlen(*mod_value) > (sizeof(buf) >> 1))
+               return SPF_E_BIG_MOD;
+
        memset(buf, 'A', sizeof(buf));
        memset(spf_modifier, 0, sizeof(SPF_mod_t));

Subversion Repositories

(root)/branches/lenny/debian/patches/52_compile_bufoverflow.dpatch @ 53 - Rev 39