Import Debian changes 4.89-2+deb9u4
[hcoop/debian/exim4.git] / debian / patches / 83_qsa-2019-exim4.patch
1 From d740d2111f189760593a303124ff6b9b1f83453d Mon Sep 17 00:00:00 2001
2 From: Jeremy Harris <jgh146exb@wizmail.org>
3 Date: Mon, 27 May 2019 21:57:31 +0100
4 Subject: [PATCH] Fix CVE-2019-10149
5
6 ---
7 diff --git a/src/deliver.c b/src/deliver.c
8 index 59256ac2c..45cc0723f 100644
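--- a/src/deliver.c
+++ b/src/deliver.c
@@ -6227,17 +6227,23 @@ if (process_recipients != RECIP_IGNORE)
 {
 uschar * save_local = deliver_localpart;
 const uschar * save_domain = deliver_domain;
+ uschar * addr = new->address, * errmsg = NULL;
+ int start, end, dom;
 
- deliver_localpart = expand_string(
- string_sprintf("${local_part:%s}", new->address));
- deliver_domain = expand_string(
- string_sprintf("${domain:%s}", new->address));
+ if (!parse_extract_address(addr, &errmsg, &start, &end, &dom, TRUE))
+ log_write(0, LOG_MAIN|LOG_PANIC,
+ "failed to parse address '%.100s': %s\n", addr, errmsg);
+ else
+ {
+ deliver_localpart =
+ string_copyn(addr+start, dom ? (dom-1) - start : end - start);
+ deliver_domain = dom ? CUS string_copyn(addr+dom, end - dom) : CUS"";
 
- (void) event_raise(event_action,
- US"msg:fail:internal", new->message);
+ event_raise(event_action, US"msg:fail:internal", new->message);
 
- deliver_localpart = save_local;
- deliver_domain = save_domain;
+ deliver_localpart = save_local;
+ deliver_domain = save_domain;
+ }
 }
 #endif
 }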
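Review bot: When `parse_extract_address()` fails, the new code only writes a log line and never calls `event_raise()`, so consumers of `msg:fail:internal` get no event for exactly the addresses that could not be parsed. If that is intended it deserves a short comment on the failure branch; otherwise the event could still be raised with `deliver_localpart` and `deliver_domain` left at their saved values. The removed lines interpolated `new->address` into a string handed to `expand_string()`, so I would also add a comment above the parse call, e.g. `/* Treat new->address as untrusted: split it by parsing, never via expand_string() (CVE-2019-10149) */`, so that the expansion is not reintroduced later. The `(void)` cast on `event_raise()` was dropped in the same change; whether its return value matters is not visible here. The enclosing `if (process_recipients != RECIP_IGNORE)` block starts outside the hunk.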
43 --
44 2.20.1
45