~yolanda.robla/ubuntu/saucy/exim4/update_smtp

~yolanda.robla/ubuntu/saucy/exim4/update_smtp_banner

Viewing changes to src/dkim.c

Committer: Package Import Robot
Author(s): Marc Deslauriers
Date: 2012-10-25 08:22:46 UTC
Revision ID: package-import@ubuntu.com-20121025082246-cj5q1jm0qlxebzub

Tags: 4.80-3ubuntu1.1

* SECURITY UPDATE: arbitrary code execution via dns decode logic
  - debian/patches/CVE-2012-5671.patch: adjust max length and validate
    against it in src/pdkim/pdkim.h, src/dkim.c.
  - CVE-2012-5671

files added:
.pc/.quilt_patches

.pc/.quilt_series

.pc/CVE-2012-5671.patch

.pc/CVE-2012-5671.patch/src

.pc/CVE-2012-5671.patch/src/dkim.c

.pc/CVE-2012-5671.patch/src/pdkim

.pc/CVE-2012-5671.patch/src/pdkim/pdkim.h

debian/patches/CVE-2012-5671.patch

files modified:
.pc/applied-patches

debian/changelog

debian/patches/series

src/dkim.c

src/pdkim/pdkim.h

Show diffs side-by-side

added added

removed removed

src/dkim.c

"%.*s", (int)len, (char *)((rr->data)+rr_offset));

rr_offset+=len;

answer_offset+=len;

if (answer_offset >= PDKIM_DNS_TXT_MAX_RECLEN) {

return PDKIM_FAIL;

}

else return PDKIM_FAIL;

Older »