diff options
author | Daniel Baumann <daniel.baumann@progress-linux.org> | 2024-04-07 16:16:14 +0000 |
---|---|---|
committer | Daniel Baumann <daniel.baumann@progress-linux.org> | 2024-04-07 16:16:14 +0000 |
commit | 318a1a2246a9f521e5a02313dcc1f6d68a0af7ec (patch) | |
tree | e28c79d572e488bf782444e31d81291b99ef1932 /debian/patches/75_19-DMARC-fix-use-after-free-in-dmarc_dns_lookup.patch | |
parent | Adding upstream version 4.96. (diff) | |
download | exim4-318a1a2246a9f521e5a02313dcc1f6d68a0af7ec.tar.xz exim4-318a1a2246a9f521e5a02313dcc1f6d68a0af7ec.zip |
Adding debian version 4.96-15+deb12u4.debian/4.96-15+deb12u4debian
Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
Diffstat (limited to '')
-rw-r--r-- | debian/patches/75_19-DMARC-fix-use-after-free-in-dmarc_dns_lookup.patch | 39 |
1 files changed, 39 insertions, 0 deletions
diff --git a/debian/patches/75_19-DMARC-fix-use-after-free-in-dmarc_dns_lookup.patch b/debian/patches/75_19-DMARC-fix-use-after-free-in-dmarc_dns_lookup.patch new file mode 100644 index 0000000..e8bda9e --- /dev/null +++ b/debian/patches/75_19-DMARC-fix-use-after-free-in-dmarc_dns_lookup.patch @@ -0,0 +1,39 @@ +From 12fb3842f81bcbd4a4519d5728f2d7e0e3ca1445 Mon Sep 17 00:00:00 2001 +From: Lorenz Brun <lorenz@brun.one> +Date: Fri, 14 Oct 2022 21:02:51 +0200 +Subject: [PATCH 2/2] DMARC: fix use-after-free in dmarc_dns_lookup + +This fixes a use-after-free in dmarc_dns_lookup where the result +of dns_lookup in dnsa is freed before the required data is copied out. + +Fixes: 9258363 ("DNS: explicit alloc/free of workspace") +--- + src/dmarc.c | 3 ++- + 1 file changed, 2 insertions(+), 1 deletion(-) + +diff --git a/src/dmarc.c b/src/dmarc.c +index ad0c26c91..53c2752ac 100644 +--- a/src/dmarc.c ++++ b/src/dmarc.c +@@ -226,16 +226,17 @@ dns_scan dnss; + int rc = dns_lookup(dnsa, string_sprintf("_dmarc.%s", dom), T_TXT, NULL); + + if (rc == DNS_SUCCEED) + for (dns_record * rr = dns_next_rr(dnsa, &dnss, RESET_ANSWERS); rr; + rr = dns_next_rr(dnsa, &dnss, RESET_NEXT)) + if (rr->type == T_TXT && rr->size > 3) + { ++ uschar *record = string_copyn_taint(US rr->data, rr->size, GET_TAINTED); + store_free_dns_answer(dnsa); +- return string_copyn_taint(US rr->data, rr->size, GET_TAINTED); ++ return record; + } + store_free_dns_answer(dnsa); + return NULL; + } + + + static int +-- +2.35.1 + |