summaryrefslogtreecommitdiffstats
path: root/network/opensmtpd/openbsd66-019-smtpd-exec.patch
diff options
context:
space:
mode:
author Matteo Bernardini2020-03-28 15:26:04 +0100
committer Matteo Bernardini2020-03-28 15:26:04 +0100
commitea43edde1d4617fb627619bf7518163ba171983f (patch)
tree1b0ddc8b44db55aae3a0dfb15904016a8fa43c2b /network/opensmtpd/openbsd66-019-smtpd-exec.patch
parentb622b49c1cf6273e5d73fb1f982bc7e1562b572a (diff)
downloadslackbuilds-current-20200328.1.tar.gz
20200328.1 global branch merge.current-20200328.1
Signed-off-by: Matteo Bernardini <ponce@slackbuilds.org>
Diffstat (limited to 'network/opensmtpd/openbsd66-019-smtpd-exec.patch')
-rw-r--r--network/opensmtpd/openbsd66-019-smtpd-exec.patch46
1 files changed, 0 insertions, 46 deletions
diff --git a/network/opensmtpd/openbsd66-019-smtpd-exec.patch b/network/opensmtpd/openbsd66-019-smtpd-exec.patch
deleted file mode 100644
index 93ce19dcb1..0000000000
--- a/network/opensmtpd/openbsd66-019-smtpd-exec.patch
+++ /dev/null
@@ -1,46 +0,0 @@
-OpenBSD 6.6 errata 019, January 30, 2020:
-
-An incorrect check allows an attacker to trick mbox delivery into executing
-arbitrary commands as root and lmtp delivery into executing arbitrary commands
-as an unprivileged user.
-
---- usr.sbin/smtpd/smtp_session.c 4 Oct 2019 08:34:29 -0000 1.415
-+++ usr.sbin/smtpd/smtp_session.c 26 Jan 2020 05:56:37 -0000
-@@ -2012,24 +2012,22 @@ smtp_mailaddr(struct mailaddr *maddr, ch
- memmove(maddr->user, p, strlen(p) + 1);
- }
-
-- if (!valid_localpart(maddr->user) ||
-- !valid_domainpart(maddr->domain)) {
-- /* accept empty return-path in MAIL FROM, required for bounces */
-- if (mailfrom && maddr->user[0] == '\0' && maddr->domain[0] == '\0')
-- return (1);
-+ /* accept empty return-path in MAIL FROM, required for bounces */
-+ if (mailfrom && maddr->user[0] == '\0' && maddr->domain[0] == '\0')
-+ return (1);
-
-- /* no user-part, reject */
-- if (maddr->user[0] == '\0')
-- return (0);
--
-- /* no domain, local user */
-- if (maddr->domain[0] == '\0') {
-- (void)strlcpy(maddr->domain, domain,
-- sizeof(maddr->domain));
-- return (1);
-- }
-+ /* no or invalid user-part, reject */
-+ if (maddr->user[0] == '\0' || !valid_localpart(maddr->user))
- return (0);
-+
-+ /* no domain part, local user */
-+ if (maddr->domain[0] == '\0') {
-+ (void)strlcpy(maddr->domain, domain,
-+ sizeof(maddr->domain));
- }
-+
-+ if (!valid_domainpart(maddr->domain))
-+ return (0);
-
- return (1);
- }