Subversion Repositories libspf2

Compare Revisions

Rev 97 → Rev 98

/trunk/debian/changelog
1,3 → 1,12
libspf2 (1.2.10-7.1) unstable; urgency=medium
 
* Non-maintainer upload.
* spf_compile.c: Correct size of ds_avail (CVE-2021-20314)
* Sanity check for sprintf
* Fixed 'reverse' macro modifier
 
-- Salvatore Bonaccorso <carnil@debian.org> Sun, 08 Aug 2021 13:46:49 +0200
 
libspf2 (1.2.10-7) unstable; urgency=low
 
* error_results.patch: Return information to use in the mail header and
/trunk/debian/patches/Fixed-reverse-macro-modifier.patch
0,0 → 1,51
From: Nathaniel <me@nathanielbennett.com>
Date: Tue, 8 Jun 2021 20:02:52 -0400
Subject: Fixed 'reverse' macro modifier
Origin: https://github.com/shevek/libspf2/commit/f06fef6cede4c4cb42f2c617496e6041782d7070
 
---
src/libspf2/spf_expand.c | 14 +++++++-------
1 file changed, 7 insertions(+), 7 deletions(-)
 
diff --git a/src/libspf2/spf_expand.c b/src/libspf2/spf_expand.c
index 25689da11e84..f93005d26f44 100644
--- a/src/libspf2/spf_expand.c
+++ b/src/libspf2/spf_expand.c
@@ -86,7 +86,7 @@ SPF_record_expand_data(SPF_server_t *spf_server,
{
SPF_data_t *d, *data_end;
- size_t len;
+ size_t len, label_len;
const char *p_err; // XXX Check this value, when returned.
char *p, *p_end;
const char *p_read;
@@ -300,9 +300,9 @@ top:
if ( SPF_delim_valid(d, *p_read) ) {
/* Subtract 1 because p_read points to delim, and
* p_read_end points to the following delim. */
- len = p_read_end - p_read - 1;
- memcpy( p_write, p_read + 1, len );
- p_write += len;
+ label_len = p_read_end - p_read - 1;
+ memcpy( p_write, p_read + 1, label_len );
+ p_write += label_len;
*p_write++ = '.';
p_read_end = p_read;
@@ -314,9 +314,9 @@ top:
* string. p_read_end might also point there if the string
* starts with a delimiter. */
if (p_read_end >= p_read) {
- len = p_read_end - p_read - 1;
- memcpy( p_write, p_read + 1, len );
- p_write += len;
+ label_len = p_read_end - p_read - 1;
+ memcpy( p_write, p_read + 1, label_len );
+ p_write += label_len;
*p_write++ = '.';
}
--
2.20.1
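Review bot: The guard at the second site, `if (p_read_end >= p_read)`, still admits p_read_end == p_read, where `p_read_end - p_read - 1` is -1 and the assignment to the size_t `label_len` turns it into SIZE_MAX as the memcpy length. Whether equality can occur depends on the loop above, which is outside the hunk. The context comment suggests p_read ends one before the start of the string, so it may be unreachable, but the check should make that evident locally: `if (p_read_end > p_read) {`. The first site relies on the same invariant, that p_read_end lies past the delimiter p_read points at. A comment on the declaration such as `/* label_len: length of one label while reversing; len must keep the length of the whole variable */` would record why the separate variable matters, since len is presumably read again after the reversal.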
 
/trunk/debian/patches/Sanity-check-for-sprintf.patch
0,0 → 1,28
From: Nathaniel <me@nathanielbennett.com>
Date: Tue, 8 Jun 2021 06:43:29 -0400
Subject: Sanity check for sprintf
Origin: https://github.com/shevek/libspf2/commit/28faf4624a6a371b11afdb9820078d3b0ee3803d
 
---
src/libspf2/spf_expand.c | 5 +----
1 file changed, 1 insertion(+), 4 deletions(-)
 
diff --git a/src/libspf2/spf_expand.c b/src/libspf2/spf_expand.c
index e7f5a26f3e1b..25689da11e84 100644
--- a/src/libspf2/spf_expand.c
+++ b/src/libspf2/spf_expand.c
@@ -398,10 +398,7 @@ top:
break;
default:
- /* No point doing snprintf with a const '4'
- * because we know we're going to get 4
- * characters anyway. */
- sprintf( p_write, "%%%02x", *p_read );
+ snprintf( p_write, 4, "%%%02x", (unsigned char) *p_read );
p_write += 3;
p_read++;
break;
--
2.20.1
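Review bot: The size argument `4` in the new `snprintf( p_write, 4, ... )` bounds this one write but is not derived from the space left in the output buffer, and the hunk shows no check that p_write has four bytes available, so the call is only as safe as the buffer sizing done elsewhere. The removed comment is not replaced, which leaves `4` and `p_write += 3` unexplained and hides the reason for the cast. I would add `/* "%XX" is 3 chars + NUL; cast so a negative char is not sign-extended to 8 hex digits */` above the call. The enclosing switch and the buffer allocation are outside the hunk.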
 
/trunk/debian/patches/series
2,3 → 2,6
abolish-spf-rrtype.patch
gcc5-variadicmacros.patch
error_results.patch
spf_compile.c-Correct-size-of-ds_avail.patch
Sanity-check-for-sprintf.patch
Fixed-reverse-macro-modifier.patch
/trunk/debian/patches/spf_compile.c-Correct-size-of-ds_avail.patch
0,0 → 1,26
From: Shevek <shevek@anarres.org>
Date: Sat, 5 Jun 2021 21:39:04 -0700
Subject: spf_compile.c: Correct size of ds_avail.
Origin: https://github.com/shevek/libspf2/commit/c37b7c13c30e225183899364b9f2efdfa85552ef
Bug-Debian-Security: https://security-tracker.debian.org/tracker/CVE-2021-20314
 
---
src/libspf2/spf_compile.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
 
diff --git a/src/libspf2/spf_compile.c b/src/libspf2/spf_compile.c
index ff02f8718b30..b08ffe204eba 100644
--- a/src/libspf2/spf_compile.c
+++ b/src/libspf2/spf_compile.c
@@ -455,7 +455,7 @@ SPF_c_parse_var(SPF_response_t *spf_response, SPF_data_var_t *data,
/* Magic numbers for x/Nc in gdb. */ \
data->ds.__unused0 = 0xba; data->ds.__unused1 = 0xbe; \
dst = SPF_data_str( data ); \
- ds_avail = _avail; \
+ ds_avail = _avail - sizeof(SPF_data_t); \
ds_len = 0; \
} while(0)
--
2.32.0
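Review bot: The new `ds_avail = _avail - sizeof(SPF_data_t);` wraps to a very large value if a caller passes an `_avail` smaller than the header size, assuming ds_avail is an unsigned size type (its declaration is not in the hunk). That would bring back the over-estimate of available space this fix removes, so the subtraction should be guarded, e.g. `ds_avail = (_avail) > sizeof(SPF_data_t) ? (_avail) - sizeof(SPF_data_t) : 0;`, which also parenthesizes the macro argument. The macro's opening line and its call sites are outside the hunk, so callers may already guarantee the minimum.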