debian/patches/93_CVE-2016-9963-Fix-DKIM-information-leakage.patch

   1 From be2b8e517f4946d2ad0cb0100e7b078cb4d9b65f Mon Sep 17 00:00:00 2001
   2 From: Jeremy Harris <jgh@wizmail.org>
   3 Date: Fri, 16 Dec 2016 20:36:39 +0000
   4 Subject: [PATCH 1/2] Fix DKIM information leakage
   5
   6 ---
   7
   8 --- a/src/dkim.c
   9 +++ b/src/dkim.c
  10 @@ -521,6 +521,8 @@ uschar *dkim_exim_sign(int dkim_fd,
  11                            (char *)dkim_private_key_expanded
  12                           );
  13
  14 +    dkim_private_key_expanded[0] = '\0';
  15 +
  16      pdkim_set_debug_stream(ctx,debug_file);
  17
  18      pdkim_set_optional(ctx,
  19 --- a/src/transports/smtp.c
  20 +++ b/src/transports/smtp.c
  21 @@ -282,6 +282,7 @@ static uschar *rf_names[] = { "NEVER", "
  22  static uschar *smtp_command;   /* Points to last cmd for error messages */
  23  static uschar *mail_command;   /* Points to MAIL cmd for error messages */
  24  static BOOL    update_waiting; /* TRUE to update the "wait" database */
  25 +static uschar *data_command = US"";    /* Points to DATA cmd for error messages */
  26
  27
  28  /*************************************************
  29 @@ -1951,6 +1952,7 @@ if (ok || (smtp_use_pipelining && !mua_w
  30      case -1: goto END_OFF;               /* Timeout on RCPT */
  31      default: goto RESPONSE_FAILED;       /* I/O error, or any MAIL/DATA error */
  32      }
  33 +  data_command = string_copy(big_buffer);  /* Save for later error message */
  34    }
  35
  36  /* Save the first address of the next batch. */
  37 @@ -2136,7 +2138,7 @@ if (!ok) ok = TRUE; else
  38  #else
  39             "LMTP error after %s: %s",
  40  #endif
  41 -            big_buffer, string_printing(buffer));
  42 +            data_command, string_printing(buffer));
  43            setflag(addr, af_pass_message);   /* Allow message to go to user */
  44            if (buffer[0] == '5')
  45              addr->transport_return = FAIL;