diff options
Diffstat (limited to 'network/opensmtpd/openbsd64-020-smtpd.patch')
-rw-r--r-- | network/opensmtpd/openbsd64-020-smtpd.patch | 31 |
1 files changed, 0 insertions, 31 deletions
diff --git a/network/opensmtpd/openbsd64-020-smtpd.patch b/network/opensmtpd/openbsd64-020-smtpd.patch deleted file mode 100644 index 8ce7178da8..0000000000 --- a/network/opensmtpd/openbsd64-020-smtpd.patch +++ /dev/null @@ -1,31 +0,0 @@ -OpenBSD 6.4 errata 020, August 2, 2019 - -smtpd can crash on excessively large input, causing a denial of service. - ---- a/smtpd/smtp_session.c 3 Sep 2018 19:01:29 -0000 1.337 -+++ b/smtpd/smtp_session.c 1 Aug 2019 21:18:53 -0000 -@@ -1904,15 +1904,21 @@ smtp_reply(struct smtp_session *s, char - { - va_list ap; - int n; -- char buf[LINE_MAX], tmp[LINE_MAX]; -+ char buf[LINE_MAX*2], tmp[LINE_MAX*2]; - - va_start(ap, fmt); - n = vsnprintf(buf, sizeof buf, fmt, ap); - va_end(ap); -- if (n == -1 || n >= LINE_MAX) -- fatalx("smtp_reply: line too long"); -+ if (n < 0) -+ fatalx("smtp_reply: response format error"); - if (n < 4) - fatalx("smtp_reply: response too short"); -+ if (n >= (int)sizeof buf) { -+ /* only first three bytes are used by SMTP logic, -+ * so if _our_ reply does not fit entirely in the -+ * buffer, it's ok to truncate. -+ */ -+ } - - log_trace(TRACE_SMTP, "smtp: %p: >>> %s", s, buf); - |