author | Phil Pennock <phil+git@pennock-tech.com> | 2020-10-29 18:11:35 -0400 |
---|---|---|
committer | Heiko Schlittermann (HS12-RIPE) <hs@schlittermann.de> | 2021-05-27 21:30:23 +0200 |
commit | c1fb74d63ecf0cd1501e53352419bfdfd154b7ea (patch) | |
tree | 29f09bbdc38c0f6d47d3551e8c1b4aa106d3d060 /doc | |
parent | 66c014bb0d4972b7d5915795dec376535089740c (diff) |
SECURITY: length limits on many cmdline options
We'll also now abort upon, rather than silently truncate, a driver name
(router, transport, ACL, etc) encountered in the config which is longer than
the 64-char limit.
(cherry picked from commit ff8bef9ae2370db4a7873fe2ce573a607fe6999f)
(cherry picked from commit a8bd24b96c2027fd839f95a9e6b3282453ae288e)
Diffstat (limited to 'doc')
-rw-r--r-- | doc/doc-docbook/spec.xfpt | 19 | ||||
-rw-r--r-- | doc/doc-txt/ChangeLog | 6 |
2 files changed, 25 insertions, 0 deletions
diff --git a/doc/doc-docbook/spec.xfpt b/doc/doc-docbook/spec.xfpt index 9b8c92bbd..61abb70c0 100644 --- a/doc/doc-docbook/spec.xfpt +++ b/doc/doc-docbook/spec.xfpt @@ -51,6 +51,8 @@ .set ACL "access control lists (ACLs)" .set I " " +.set drivernamemax "64" + .macro copyyear 2020 .endmacro @@ -18802,6 +18804,11 @@ which the preconditions are tested. The order of expansion of the options that provide data for a transport is: &%errors_to%&, &%headers_add%&, &%headers_remove%&, &%transport%&. +.new +The name of a router is limited to be &drivernamemax; ASCII characters long; +prior to Exim 4.95 names would be silently truncated at this length, but now +it is enforced. +.wen .option address_data routers string&!! unset @@ -22345,6 +22352,12 @@ and &$original_domain$& is never set. .scindex IIDgenoptra1 "generic options" "transport" .scindex IIDgenoptra2 "options" "generic; for transports" .scindex IIDgenoptra3 "transport" "generic options for" +.new +The name of a transport is limited to be &drivernamemax; ASCII characters long; +prior to Exim 4.95 names would be silently truncated at this length, but now +it is enforced. +.wen + The following generic options apply to all transports: @@ -27181,6 +27194,12 @@ permitted to use it as a relay. SMTP authentication is not of relevance to the transfer of mail between servers that have no managerial connection with each other. +.new +The name of an authenticator is limited to be &drivernamemax; ASCII characters long; +prior to Exim 4.95 names would be silently truncated at this length, but now +it is enforced. +.wen + .cindex "AUTH" "description of" .cindex "ESMTP extensions" AUTH Very briefly, the way SMTP authentication works is as follows: diff --git a/doc/doc-txt/ChangeLog b/doc/doc-txt/ChangeLog index 58ba70f02..4c6eb810e 100644 --- a/doc/doc-txt/ChangeLog +++ b/doc/doc-txt/ChangeLog 
@@ -263,6 +263,12 @@ PP/02 Bug 2643: Correct TLS DH constants. incorrect Diffie-Hellman constants in the Exim source. Reported by kylon94, code-gen tool fix by Simon Arlott. +PP/03 Fix Linux security issue CVE-2020-SLCWD and guard against PATH_MAX + better. Reported by Qualys. + +PP/04 Impose security length checks on various command-line options. + Fixes CVE-2020-SPRSS reported by Qualys. + Exim version 4.94 ----------------- |
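Review bot: In the three `.new` paragraphs added to doc/doc-docbook/spec.xfpt (routers at @@ -18802, transports at @@ -22345, authenticators at @@ -27181), "but now it is enforced" does not tell the administrator what happens to an over-long name. The commit message says Exim now aborts on such a name instead of truncating it, so each paragraph should say that directly, for example "a longer name now causes Exim to abort when it reads the configuration". "limited to be &drivernamemax; ASCII characters long" would also read better as "limited to &drivernamemax; ASCII characters". The commit message lists "router, transport, ACL, etc" as affected, but these hunks add no matching paragraph for ACL names; either add one or confirm the omission is intended.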
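Review bot: In the doc/doc-txt/ChangeLog hunk (@@ -263,6), neither PP/03 nor PP/04 records the behaviour change described in the commit message: a driver name longer than the 64-character limit now aborts rather than being silently truncated. A configuration with an over-long name that previously loaded will now be rejected, so this deserves its own sentence under PP/04 or a separate entry. PP/03 (CVE-2020-SLCWD and the PATH_MAX guard) is not covered by this commit's subject about command-line length limits, so it is worth confirming that entry belongs in this cherry-pick. The identifiers CVE-2020-SLCWD and CVE-2020-SPRSS are not in numeric CVE form and read as working placeholders; they should be replaced with the assigned numbers before release.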