diff options
author | Matteo Bernardini | 2020-03-28 15:26:04 +0100 |
---|---|---|
committer | Matteo Bernardini | 2020-03-28 15:26:04 +0100 |
commit | ea43edde1d4617fb627619bf7518163ba171983f (patch) | |
tree | 1b0ddc8b44db55aae3a0dfb15904016a8fa43c2b /network/opensmtpd/openbsd66-019-smtpd-exec.patch | |
parent | b622b49c1cf6273e5d73fb1f982bc7e1562b572a (diff) | |
download | slackbuilds-current-20200328.1.tar.gz |
20200328.1 global branch merge.current-20200328.1
Signed-off-by: Matteo Bernardini <ponce@slackbuilds.org>
Diffstat (limited to 'network/opensmtpd/openbsd66-019-smtpd-exec.patch')
-rw-r--r-- | network/opensmtpd/openbsd66-019-smtpd-exec.patch | 46 |
1 files changed, 0 insertions, 46 deletions
diff --git a/network/opensmtpd/openbsd66-019-smtpd-exec.patch b/network/opensmtpd/openbsd66-019-smtpd-exec.patch deleted file mode 100644 index 93ce19dcb1..0000000000 --- a/network/opensmtpd/openbsd66-019-smtpd-exec.patch +++ /dev/null @@ -1,46 +0,0 @@ -OpenBSD 6.6 errata 019, January 30, 2020: - -An incorrect check allows an attacker to trick mbox delivery into executing -arbitrary commands as root and lmtp delivery into executing arbitrary commands -as an unprivileged user. - ---- usr.sbin/smtpd/smtp_session.c 4 Oct 2019 08:34:29 -0000 1.415 -+++ usr.sbin/smtpd/smtp_session.c 26 Jan 2020 05:56:37 -0000 -@@ -2012,24 +2012,22 @@ smtp_mailaddr(struct mailaddr *maddr, ch - memmove(maddr->user, p, strlen(p) + 1); - } - -- if (!valid_localpart(maddr->user) || -- !valid_domainpart(maddr->domain)) { -- /* accept empty return-path in MAIL FROM, required for bounces */ -- if (mailfrom && maddr->user[0] == '\0' && maddr->domain[0] == '\0') -- return (1); -+ /* accept empty return-path in MAIL FROM, required for bounces */ -+ if (mailfrom && maddr->user[0] == '\0' && maddr->domain[0] == '\0') -+ return (1); - -- /* no user-part, reject */ -- if (maddr->user[0] == '\0') -- return (0); -- -- /* no domain, local user */ -- if (maddr->domain[0] == '\0') { -- (void)strlcpy(maddr->domain, domain, -- sizeof(maddr->domain)); -- return (1); -- } -+ /* no or invalid user-part, reject */ -+ if (maddr->user[0] == '\0' || !valid_localpart(maddr->user)) - return (0); -+ -+ /* no domain part, local user */ -+ if (maddr->domain[0] == '\0') { -+ (void)strlcpy(maddr->domain, domain, -+ sizeof(maddr->domain)); - } -+ -+ if (!valid_domainpart(maddr->domain)) -+ return (0); - - return (1); - } |