Commit | Line | Data |
---|---|---|
01e60269 AM |
1 | From e5b942ae007d0533fbd599c64d550f3a8355b940 Mon Sep 17 00:00:00 2001 |
2 | From: Jeremy Harris <jgh146exb@wizmail.org> | |
3 | Date: Thu, 21 Mar 2019 20:01:03 +0000 | |
4 | Subject: [PATCH] Harden plaintext authenticator | |
5 | ||
6 | Cherry-picked from: f9fc942757 | |
7 | --- | |
8 | doc/ChangeLog | 5 +++++ | |
9 | src/auths/plaintext.c | 6 +----- | |
10 | 2 files changed, 6 insertions(+), 5 deletions(-) | |
11 | ||
12 | diff --git a/doc/ChangeLog b/doc/ChangeLog | |
13 | index 3d63725f..c34e60d1 100644 | |
14 | --- a/doc/ChangeLog | |
15 | +++ b/doc/ChangeLog | |
16 | @@ -32,10 +32,15 @@ JH/10 OpenSSL: Fix aggregation of messages. Previously, when PIPELINING was | |
17 | used both for input and for a verify callout, both encrypted, SMTP | |
18 | responses being sent by the server could be lost. This resulted in | |
19 | dropped connections and sometimes bounces generated by a peer sending | |
20 | to this system. | |
21 | ||
22 | +JH/11 Harden plaintext authenticator against a badly misconfigured client-send | |
23 | + string. Previously it was possible to cause undefined behaviour in a | |
24 | + library routine (usually a crash). Found by "zerons". | |
25 | + | |
26 | + | |
27 | ||
28 | Exim version 4.92 | |
29 | ----------------- | |
30 | ||
31 | JH/01 Remove code calling the customisable local_scan function, unless a new | |
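Review bot: The JH/11 entry does not name the library routine or the input that triggers it, so an administrator cannot tell from the ChangeLog whether their configuration is exposed. Going by the plaintext.c change in this same patch, the routine is memmove and the trigger is the doubled-caret (`^^`) escape in the client-send string; stating both in the entry would make it actionable. The entry also adds two blank lines before the existing separator above "Exim version 4.92", where one would match the spacing the other entries use.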
32 | diff --git a/src/auths/plaintext.c b/src/auths/plaintext.c | |
33 | index 7a0f7885..fa05b0ad 100644 | |
34 | --- a/src/auths/plaintext.c | |
35 | +++ b/src/auths/plaintext.c | |
36 | @@ -221,15 +221,11 @@ while ((s = string_nextinlist(&text, &sep, big_buffer, big_buffer_size))) | |
37 | for (i = 0; i < len; i++) | |
38 | if (ss[i] == '^') | |
39 | if (ss[i+1] != '^') | |
40 | ss[i] = 0; | |
41 | else | |
42 | - { | |
43 | - i++; | |
44 | - len--; | |
45 | - memmove(ss + i, ss + i + 1, len - i); | |
46 | - } | |
47 | + if (--len > ++i) memmove(ss + i, ss + i + 1, len - i); | |
48 | ||
49 | /* The first string is attached to the AUTH command; others are sent | |
50 | unembellished. */ | |
51 | ||
52 | if (first) | |
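Review bot: In the replacement line for the `^^` branch, the guard `--len > ++i` modifies both `len` and `i` inside the comparison, so the bounds check that keeps a non-positive `len - i` away from memmove is easy to misread and easy to break in a later edit. Keeping the braces and writing the steps out, `i++; len--;` followed by `if (len > i) memmove(ss + i, ss + i + 1, len - i);`, gives the same behaviour with the check visible on its own. The lookahead `ss[i+1] != '^'` two lines above is still not bounded by `len`, so it is worth confirming what it reads at `i == len - 1` once `len` has been reduced by an earlier `^^`. A one-line comment explaining why the move is skipped when `len <= i` would also help the next reader.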
53 | -- | |
54 | 2.20.1 | |
55 |