author: Philip Hazel <ph10@hermes.cam.ac.uk> 2004-12-29 10:16:52 +0000
committer: Philip Hazel <ph10@hermes.cam.ac.uk> 2004-12-29 10:16:52 +0000
commit: b975ba52a239bbf56b61a8af88d480bf07c20d81
tree: 61844ab870ca1eb9935b3f574695c05391c61858 /doc
parent: fc9c231709c26bef8c27a60a76f835d12b20268f
The host_aton() buffer overflow: (1) Put a check in host_aton() itself;
(2) noted that the exploit via dnsdb/ptr lookup was already fortuitously fixed by a previous change.
Diffstat (limited to 'doc')
-rw-r--r-- doc/doc-txt/ChangeLog 14
-rw-r--r-- doc/doc-txt/NewStuff 8
2 files changed, 15 insertions, 7 deletions
diff --git a/doc/doc-txt/ChangeLog b/doc/doc-txt/ChangeLog
index 349296817..eff7a9d7e 100644
--- a/doc/doc-txt/ChangeLog
+++ b/doc/doc-txt/ChangeLog
@@ -1,4 +1,4 @@
-$Cambridge: exim/doc/doc-txt/ChangeLog,v 1.57 2004/12/22 12:05:45 ph10 Exp $
+$Cambridge: exim/doc/doc-txt/ChangeLog,v 1.58 2004/12/29 10:16:52 ph10 Exp $
Change log file for Exim from version 4.21
-------------------------------------------
@@ -236,8 +236,8 @@ Exim version 4.50
55. Some experimental protocols are using DNS PTR records for new purposes. The
keys for these records are domain names, not reversed IP addresses. The
- dnsdb lookup now tests whether it's key is an IP address. If not, it leaves
- it alone. Component reversal etc. now happens only for IP addresses.
+ dnsdb PTR lookup now tests whether its key is an IP address. If not, it
+ leaves it alone. Component reversal etc. now happens only for IP addresses.
56. Improve error message when ldap_search() fails in OpenLDAP or Solaris LDAP.
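Review bot: entry 55 now carries security weight that its text does not mention, since entry 60 states that the dnsdb route into host_aton() was "fortuitously" closed by this change. Suggest adding a one-line cross-reference to 4.50/60 at the end of entry 55, so that anyone who later relaxes the "tests whether its key is an IP address" step sees that it is also what keeps non-address keys away from host_aton().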
@@ -253,6 +253,14 @@ Exim version 4.50
(2) The default for smtp_banner uses $smtp_active_hostname instead
of $primary_hostname.
+60. The host_aton() function is supposed to be passed a string that is known
+ to be a valid IP address. However, in the case of IPv6 addresses, it was
+ not checking this. This is a hostage to fortune. Exim now panics and dies
+ if the condition is not met. A case was found where this could be provoked
+ from a dnsdb lookup; fortuitously, this particular loophole had already
+ been fixed by change 4.50/55 above. If there are any other similar
+ loopholes, the new check should stop them being exploited.
+
Exim version 4.43
-----------------
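Review bot: entry 60 never names the defect as a buffer overflow, although the commit message does ("The host_aton() buffer overflow"); "This is a hostage to fortune" does not tell an administrator reading the ChangeLog that this is a memory-safety fix. Suggest saying so directly in the sentence about IPv6 addresses not being checked. It is also worth one more sentence on the consequence of "Exim now panics and dies": any remaining caller that passes an unvalidated string to host_aton() now causes a deliberate abort instead of an overflow, so such a panic should be reported as a bug in the caller.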
diff --git a/doc/doc-txt/NewStuff b/doc/doc-txt/NewStuff
index bf9890bb3..30cb58ab5 100644
--- a/doc/doc-txt/NewStuff
+++ b/doc/doc-txt/NewStuff
@@ -1,4 +1,4 @@
-$Cambridge: exim/doc/doc-txt/NewStuff,v 1.23 2004/12/22 12:05:45 ph10 Exp $
+$Cambridge: exim/doc/doc-txt/NewStuff,v 1.24 2004/12/29 10:16:52 ph10 Exp $
New Features in Exim
--------------------
@@ -234,9 +234,9 @@ Version 4.50
19. The Exiscan patch is now merged into the main source. See src/EDITME for
parameters for the build.
-20. If the key for a dnsdb lookup is not an IP address, it is used verbatim,
- without component reversal and without the addition of in-addr.arpa or
- ip6.arpa.
+20. If the key for a dnsdb PTR lookup is not an IP address, it is used
+ verbatim, without component reversal and without the addition of
+ in-addr.arpa or ip6.arpa.
21. Two changes related to the smtp_active_hostname option: