/trunk/debian/changelog |
---|
1,3 → 1,12 |
libspf2 (1.2.10-7.1) unstable; urgency=medium |
* Non-maintainer upload. |
* spf_compile.c: Correct size of ds_avail (CVE-2021-20314) |
* Sanity check for sprintf |
* Fixed 'reverse' macro modifier |
-- Salvatore Bonaccorso <carnil@debian.org> Sun, 08 Aug 2021 13:46:49 +0200 |
libspf2 (1.2.10-7) unstable; urgency=low |
* error_results.patch: Return information to use in the mail header and |
/trunk/debian/patches/Fixed-reverse-macro-modifier.patch |
---|
0,0 → 1,51 |
From: Nathaniel <me@nathanielbennett.com> |
Date: Tue, 8 Jun 2021 20:02:52 -0400 |
Subject: Fixed 'reverse' macro modifier |
Origin: https://github.com/shevek/libspf2/commit/f06fef6cede4c4cb42f2c617496e6041782d7070 |
--- |
src/libspf2/spf_expand.c | 14 +++++++------- |
1 file changed, 7 insertions(+), 7 deletions(-) |
diff --git a/src/libspf2/spf_expand.c b/src/libspf2/spf_expand.c |
index 25689da11e84..f93005d26f44 100644 |
--- a/src/libspf2/spf_expand.c |
+++ b/src/libspf2/spf_expand.c |
@@ -86,7 +86,7 @@ SPF_record_expand_data(SPF_server_t *spf_server, |
{ |
SPF_data_t *d, *data_end; |
- size_t len; |
+ size_t len, label_len; |
const char *p_err; // XXX Check this value, when returned. |
char *p, *p_end; |
const char *p_read; |
@@ -300,9 +300,9 @@ top: |
if ( SPF_delim_valid(d, *p_read) ) { |
/* Subtract 1 because p_read points to delim, and |
* p_read_end points to the following delim. */ |
- len = p_read_end - p_read - 1; |
- memcpy( p_write, p_read + 1, len ); |
- p_write += len; |
+ label_len = p_read_end - p_read - 1; |
+ memcpy( p_write, p_read + 1, label_len ); |
+ p_write += label_len; |
*p_write++ = '.'; |
p_read_end = p_read; |
@@ -314,9 +314,9 @@ top: |
* string. p_read_end might also point there if the string |
* starts with a delimiter. */ |
if (p_read_end >= p_read) { |
- len = p_read_end - p_read - 1; |
- memcpy( p_write, p_read + 1, len ); |
- p_write += len; |
+ label_len = p_read_end - p_read - 1; |
+ memcpy( p_write, p_read + 1, label_len ); |
+ p_write += label_len; |
*p_write++ = '.'; |
} |
-- |
2.20.1 |
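Review bot: In the last hunk the guard `if (p_read_end >= p_read)` still admits equality, and in that case `label_len = p_read_end - p_read - 1;` evaluates to -1 converted to size_t, so the memcpy on the next line would be given a length of SIZE_MAX. Whether equality is reachable depends on the loop above, which is outside the hunk. If the invariant is that p_read sits one position before the start of the string at this point, `if (p_read_end > p_read)` states it without changing the intended case. The declaration would also benefit from a comment such as `/* label_len: length of one label while reversing; len is left untouched */`, since the separate variable presumably exists so that len keeps its value for the code after the reversal.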
/trunk/debian/patches/Sanity-check-for-sprintf.patch |
---|
0,0 → 1,28 |
From: Nathaniel <me@nathanielbennett.com> |
Date: Tue, 8 Jun 2021 06:43:29 -0400 |
Subject: Sanity check for sprintf |
Origin: https://github.com/shevek/libspf2/commit/28faf4624a6a371b11afdb9820078d3b0ee3803d |
--- |
src/libspf2/spf_expand.c | 5 +---- |
1 file changed, 1 insertion(+), 4 deletions(-) |
diff --git a/src/libspf2/spf_expand.c b/src/libspf2/spf_expand.c |
index e7f5a26f3e1b..25689da11e84 100644 |
--- a/src/libspf2/spf_expand.c |
+++ b/src/libspf2/spf_expand.c |
@@ -398,10 +398,7 @@ top: |
break; |
default: |
- /* No point doing snprintf with a const '4' |
- * because we know we're going to get 4 |
- * characters anyway. */ |
- sprintf( p_write, "%%%02x", *p_read ); |
+ snprintf( p_write, 4, "%%%02x", (unsigned char) *p_read ); |
p_write += 3; |
p_read++; |
break; |
-- |
2.20.1 |
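Review bot: The size argument `4` in the new `snprintf( p_write, 4, ... )` is a constant, not the space left in the output buffer, so the call caps this one write but does not establish that four bytes (three characters plus the NUL) are available at p_write. That guarantee has to come from the buffer sizing code outside this hunk, and it must allow one byte more than the `p_write += 3` advance. The `(unsigned char)` cast is what keeps the output at three characters, because where char is signed a byte with the high bit set is promoted to a negative int and `%02x` prints eight hex digits. The removed comment is not replaced, so I would add `/* cast keeps %02x at two digits for bytes >= 0x80; 4 = "%XX" + NUL */` above the call.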
/trunk/debian/patches/series |
---|
2,3 → 2,6 |
abolish-spf-rrtype.patch |
gcc5-variadicmacros.patch |
error_results.patch |
spf_compile.c-Correct-size-of-ds_avail.patch |
Sanity-check-for-sprintf.patch |
Fixed-reverse-macro-modifier.patch |
/trunk/debian/patches/spf_compile.c-Correct-size-of-ds_avail.patch |
---|
0,0 → 1,26 |
From: Shevek <shevek@anarres.org> |
Date: Sat, 5 Jun 2021 21:39:04 -0700 |
Subject: spf_compile.c: Correct size of ds_avail. |
Origin: https://github.com/shevek/libspf2/commit/c37b7c13c30e225183899364b9f2efdfa85552ef |
Bug-Debian-Security: https://security-tracker.debian.org/tracker/CVE-2021-20314 |
--- |
src/libspf2/spf_compile.c | 2 +- |
1 file changed, 1 insertion(+), 1 deletion(-) |
diff --git a/src/libspf2/spf_compile.c b/src/libspf2/spf_compile.c |
index ff02f8718b30..b08ffe204eba 100644 |
--- a/src/libspf2/spf_compile.c |
+++ b/src/libspf2/spf_compile.c |
@@ -455,7 +455,7 @@ SPF_c_parse_var(SPF_response_t *spf_response, SPF_data_var_t *data, |
/* Magic numbers for x/Nc in gdb. */ \ |
data->ds.__unused0 = 0xba; data->ds.__unused1 = 0xbe; \ |
dst = SPF_data_str( data ); \ |
- ds_avail = _avail; \ |
+ ds_avail = _avail - sizeof(SPF_data_t); \ |
ds_len = 0; \ |
} while(0) |
-- |
2.32.0 |
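Review bot: `ds_avail = _avail - sizeof(SPF_data_t);` has no lower-bound check, so an `_avail` smaller than the header size makes the subtraction wrap (the sizeof operand forces unsigned arithmetic) and leaves ds_avail huge or negative, depending on its type, which is not visible here. Any length check that compares against ds_avail would then stop bounding writes. The head of the macro and its callers are outside the hunk, so this may already be guaranteed; if it is not, fail the parse before the assignment when `(_avail) < sizeof(SPF_data_t)`. The macro argument should also be parenthesized, `ds_avail = (_avail) - sizeof(SPF_data_t);`, so that an expression argument is subtracted as a whole.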