Diffstat (limited to 'debian/patches/73_04-Fix-host_name_lookup-Close-2747.patch')
-rw-r--r--debian/patches/73_04-Fix-host_name_lookup-Close-2747.patch80
1 files changed, 80 insertions, 0 deletions
diff --git a/debian/patches/73_04-Fix-host_name_lookup-Close-2747.patch b/debian/patches/73_04-Fix-host_name_lookup-Close-2747.patch
new file mode 100644
index 0000000..dd5c982
--- /dev/null
+++ b/debian/patches/73_04-Fix-host_name_lookup-Close-2747.patch
@@ -0,0 +1,80 @@
+From 20812729e3e47a193a21d326ecd036d67a8b2724 Mon Sep 17 00:00:00 2001
+From: "Heiko Schlittermann (HS12-RIPE)" <hs@schlittermann.de>
+Date: Sun, 16 May 2021 19:11:19 +0200
+Subject: [PATCH 4/4] Fix host_name_lookup (Close 2747)
+
+Thanks to Nico R for providing a reproducing configuration.
+
+ host_lookup = *
+ message_size_limit = ${if def:sender_host_name {32M}{32M}}
+ acl_smtp_connect = acl_smtp_connect
+ acl_smtp_rcpt = acl_smtp_rcpt
+
+ begin acl
+ acl_smtp_connect:
+ warn ratelimit = 256 / 1m / per_conn
+ accept
+
+ acl_smtp_rcpt:
+ accept hosts = 127.0.0.*
+
+ begin routers
+ null:
+ driver = accept
+ transport = null
+
+ begin transports
+ null:
+ driver = appendfile
+ file = /dev/null
+
+Tested with
+
+ swaks -f mailbox@example.org -t mailbox@example.org --pipe 'exim -bh 127.0.0.1 -C /opt/exim/etc/exim-bug.conf'
+
+The IP must have a PTR to "localhost." to reproduce it.
+---
+ src/host.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/src/host.c b/src/host.c
+index ee9d323a7..2047b9798 100644
+--- a/src/host.c
++++ b/src/host.c
+@@ -1577,15 +1577,15 @@ Put it in permanent memory. */
+
+ sender_host_name = string_copylc(US hosts->h_name);
+
+ /* If the host has aliases, build a copy of the alias list */
+
+ if (hosts->h_aliases)
+ {
+- int count = 1;
++ int count = 1; /* need 1 more for terminating NULL */
+ uschar **ptr;
+
+ for (uschar ** aliases = USS hosts->h_aliases; *aliases; aliases++) count++;
+ store_pool = POOL_PERM;
+ ptr = sender_host_aliases = store_get(count * sizeof(uschar *), FALSE);
+ store_pool = POOL_TAINT_PERM;
+
+@@ -1686,15 +1686,15 @@ while ((ordername = string_nextinlist(&list, &sep, NULL, 0)))
+ if failure. (PTR records that yield empty names have been encountered in
+ the DNS.) */
+
+ if (rc == DNS_SUCCEED)
+ {
+ uschar **aptr = NULL;
+ int ssize = 264;
+- int count = 0;
++ int count = 1; /* need 1 more for terminating NULL */
+ int old_pool = store_pool;
+
+ sender_host_dnssec = dns_is_secure(dnsa);
+ DEBUG(D_dns)
+ debug_printf("Reverse DNS security status: %s\n",
+ sender_host_dnssec ? "DNSSEC verified (AD)" : "unverified");
+
+--
+2.30.2
+
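Review bot: In both src/host.c hunks the slot for the terminating NULL is reserved only through the initial value of `count`, so the size of the alias array depends on an initializer several lines away from the allocation; that is presumably how the DNS branch came to start at 0 and allocate one pointer too few. Keeping `count` as the plain number of aliases (`int count = 0;`) and adding the slot where the array is sized, as in `store_get((count + 1) * sizeof(uschar *), FALSE)` in the first hunk, would put the invariant at the line that matters. The allocation that consumes `count` in the second hunk lies outside the visible context and would need the same treatment. The commit message gives a reproducer but does not say that the defect appears to be a write of the list terminator past the end of the allocation, which anyone triaging this backport would want stated.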