Blame | Last modification | View Log | RSS feed
#! /bin/sh /usr/share/dpatch/dpatch-run
## 52_compile_bufoverflow.dpatch by Magnus Holmgren <holmgren@debian.org>
##
## DP: Prevent buffer overflows from mechanisms with huge domainspecs.
## DP: As suggested by upstream.
@DPATCH@
diff -urNad lenny~/src/libspf2/spf_compile.c lenny/src/libspf2/spf_compile.c
--- lenny~/src/libspf2/spf_compile.c 2008-11-04 21:51:22.000000000 +0100
+++ lenny/src/libspf2/spf_compile.c 2008-11-04 21:53:22.000000000 +0100
@@ -711,6 +711,9 @@
SPF_errcode_t err;
+ if (strlen(*mech_value) > (sizeof(buf) >> 1))
+ return SPF_E_BIG_MECH;
+
memset(buf, 'B', sizeof(buf)); /* Poison the buffer. */
memset(spf_mechanism, 0, sizeof(SPF_mech_t));
@@ -858,6 +861,9 @@
SPF_errcode_t err;
+ if (strlen(*mod_value) > (sizeof(buf) >> 1))
+ return SPF_E_BIG_MOD;
+
memset(buf, 'A', sizeof(buf));
memset(spf_modifier, 0, sizeof(SPF_mod_t));