diff options
author | Philip Hazel <ph10@hermes.cam.ac.uk> | 2004-12-29 10:16:52 +0000 |
---|---|---|
committer | Philip Hazel <ph10@hermes.cam.ac.uk> | 2004-12-29 10:16:52 +0000 |
commit | b975ba52a239bbf56b61a8af88d480bf07c20d81 (patch) | |
tree | 61844ab870ca1eb9935b3f574695c05391c61858 /doc | |
parent | fc9c231709c26bef8c27a60a76f835d12b20268f (diff) |
The host_aton() buffer overflow: (1) Put a check in host_aton() itself;
(2) noted that the exploit via dnsdb/ptr lookup was already fortuitously
fixed by a previous change.
Diffstat (limited to 'doc')
-rw-r--r-- | doc/doc-txt/ChangeLog | 14 | ||||
-rw-r--r-- | doc/doc-txt/NewStuff | 8 |
2 files changed, 15 insertions, 7 deletions
diff --git a/doc/doc-txt/ChangeLog b/doc/doc-txt/ChangeLog index 349296817..eff7a9d7e 100644 --- a/doc/doc-txt/ChangeLog +++ b/doc/doc-txt/ChangeLog @@ -1,4 +1,4 @@ -$Cambridge: exim/doc/doc-txt/ChangeLog,v 1.57 2004/12/22 12:05:45 ph10 Exp $ +$Cambridge: exim/doc/doc-txt/ChangeLog,v 1.58 2004/12/29 10:16:52 ph10 Exp $ Change log file for Exim from version 4.21 ------------------------------------------- @@ -236,8 +236,8 @@ Exim version 4.50 55. Some experimental protocols are using DNS PTR records for new purposes. The keys for these records are domain names, not reversed IP addresses. The - dnsdb lookup now tests whether it's key is an IP address. If not, it leaves - it alone. Component reversal etc. now happens only for IP addresses. + dnsdb PTR lookup now tests whether its key is an IP address. If not, it + leaves it alone. Component reversal etc. now happens only for IP addresses. 56. Improve error message when ldap_search() fails in OpenLDAP or Solaris LDAP. @@ -253,6 +253,14 @@ Exim version 4.50 (2) The default for smtp_banner uses $smtp_active_hostname instead of $primary_hostname. +60. The host_aton() function is supposed to be passed a string that is known + to be a valid IP address. However, in the case of IPv6 addresses, it was + not checking this. This is a hostage to fortune. Exim now panics and dies + if the condition is not met. A case was found where this could be provoked + from a dnsdb lookup; fortuitously, this particular loophole had already + been fixed by change 4.50/55 above. If there are any other similar + loopholes, the new check should stop them being exploited. + Exim version 4.43 ----------------- diff --git a/doc/doc-txt/NewStuff b/doc/doc-txt/NewStuff index bf9890bb3..30cb58ab5 100644 --- a/doc/doc-txt/NewStuff +++ b/doc/doc-txt/NewStuff @@ -1,4 +1,4 @@ -$Cambridge: exim/doc/doc-txt/NewStuff,v 1.23 2004/12/22 12:05:45 ph10 Exp $ +$Cambridge: exim/doc/doc-txt/NewStuff,v 1.24 2004/12/29 10:16:52 ph10 Exp $ New Features in Exim -------------------- @@ -234,9 +234,9 @@ Version 4.50 19. The Exiscan patch is now merged into the main source. See src/EDITME for parameters for the build. -20. If the key for a dnsdb lookup is not an IP address, it is used verbatim, - without component reversal and without the addition of in-addr.arpa or - ip6.arpa. +20. If the key for a dnsdb PTR lookup is not an IP address, it is used + verbatim, without component reversal and without the addition of + in-addr.arpa or ip6.arpa. 21. Two changes related to the smtp_active_hostname option: |