diff options
| author | Clive Lin <clive@FreeBSD.org> | 2002-11-24 10:46:58 +0000 |
|---|---|---|
| committer | Clive Lin <clive@FreeBSD.org> | 2002-11-24 10:46:58 +0000 |
| commit | e4e7c4c253a88e9d83888d0e39dd651630fae01b (patch) | |
| tree | d8d181cf4d28b49d687d6db9d435447a369e700e /mail/nullmailer | |
| parent | New port: textproc/whitespace.el (diff) | |
Fix a possible denial of service vulnerability.
After this patch, the action of piping mails out won't stop,
even if all of your mails were failed to deliver. Nullmailer
itself will keep throwing mails to smart relay as long as
there're incoming mails, no matter how broken the recipients
of the previous mails.
Still leave this port in FORBIDDEN state until I address
PR ports/45152
Obtained from: http://www.debian.org/security/2002/dsa-198
Noted by: Volker Stolz <stolz@i2.informatik.rwth-aachen.de>
Notes
Notes:
svn path=/head/; revision=70990
Diffstat (limited to 'mail/nullmailer')
| -rw-r--r-- | mail/nullmailer/files/patch-send.cc | 10 | ||||
| -rw-r--r-- | mail/nullmailer/files/patch-sendmail.cc | 11 | ||||
| -rw-r--r-- | mail/nullmailer/files/patch-smtp.cc | 14 |
3 files changed, 35 insertions, 0 deletions
diff --git a/mail/nullmailer/files/patch-send.cc b/mail/nullmailer/files/patch-send.cc index f1e579dc3702..3329b8d0781e 100644 --- a/mail/nullmailer/files/patch-send.cc +++ b/mail/nullmailer/files/patch-send.cc @@ -8,3 +8,13 @@ #include "configio.h" #include "defines.h" #include "errcodes.h" +@@ -233,8 +234,7 @@ + << itoa(files.count()) << " message(s) in queue." << endl; + for(rlist::iter remote(remotes); remote; remote++) { + for(slist::iter file(files); file; files.remove(file)) { +- if(!send_one(*file, *remote)) +- break; ++ send_one(*file, *remote); + } + } + fout << "Delivery complete, " diff --git a/mail/nullmailer/files/patch-sendmail.cc b/mail/nullmailer/files/patch-sendmail.cc new file mode 100644 index 000000000000..2c83bb469c86 --- /dev/null +++ b/mail/nullmailer/files/patch-sendmail.cc @@ -0,0 +1,11 @@ +--- src/sendmail.cc ++++ src/sendmail.cc +@@ -84,7 +84,7 @@ + str[varlen] = '='; + memcpy(str+varlen+1, val, vallen); + str[varlen+vallen+1] = 0; +- return putenv(str); ++ return putenv(strdup(str)); + } + #endif + diff --git a/mail/nullmailer/files/patch-smtp.cc b/mail/nullmailer/files/patch-smtp.cc new file mode 100644 index 000000000000..55a0cfbf883f --- /dev/null +++ b/mail/nullmailer/files/patch-smtp.cc @@ -0,0 +1,14 @@ +--- protocols/smtp.cc ++++ protocols/smtp.cc +@@ -120,9 +120,8 @@ + docmd("DATA", 300); + mystring tmp; + while(msg->getline(tmp)) { +- if((tmp[0] == '.' && tmp[1] == 0 && !(out << ".")) || +- !(out << tmp << "\r\n")) +- exit(ERR_MSG_WRITE); ++ if(tmp[0] == '.' && !(out << ".")) exit(ERR_MSG_WRITE); ++ if(!(out << tmp << "\r\n")) exit(ERR_MSG_WRITE); + } + docmd(".", 200); + } |