0,0 → 1,30 |
#! /bin/sh /usr/share/dpatch/dpatch-run |
## 52_compile_bufoverflow.dpatch by Magnus Holmgren <holmgren@debian.org> |
## |
## DP: Prevent buffer overflows from mechanisms with huge domainspecs. |
## DP: As suggested by upstream. |
|
@DPATCH@ |
diff -urNad lenny~/src/libspf2/spf_compile.c lenny/src/libspf2/spf_compile.c |
--- lenny~/src/libspf2/spf_compile.c 2008-11-04 21:51:22.000000000 +0100 |
+++ lenny/src/libspf2/spf_compile.c 2008-11-04 21:53:22.000000000 +0100 |
@@ -711,6 +711,9 @@ |
|
SPF_errcode_t err; |
|
+ if (strlen(*mech_value) > (sizeof(buf) >> 1)) |
+ return SPF_E_BIG_MECH; |
+ |
memset(buf, 'B', sizeof(buf)); /* Poison the buffer. */ |
memset(spf_mechanism, 0, sizeof(SPF_mech_t)); |
|
@@ -858,6 +861,9 @@ |
|
SPF_errcode_t err; |
|
+ if (strlen(*mod_value) > (sizeof(buf) >> 1)) |
+ return SPF_E_BIG_MOD; |
+ |
memset(buf, 'A', sizeof(buf)); |
memset(spf_modifier, 0, sizeof(SPF_mod_t)); |
|
Property changes: |
Added: svn:executable |
## -0,0 +1 ## |
+* |
\ No newline at end of property |