diff options
-rw-r--r-- | doc/doc-txt/ChangeLog | 10 | ||||
-rw-r--r-- | src/src/dkim.c | 3 | ||||
-rw-r--r-- | src/src/pdkim/pdkim.h | 4 |
3 files changed, 15 insertions, 2 deletions
diff --git a/doc/doc-txt/ChangeLog b/doc/doc-txt/ChangeLog index db1c5254c..8daf3578e 100644 --- a/doc/doc-txt/ChangeLog +++ b/doc/doc-txt/ChangeLog @@ -81,6 +81,16 @@ JH/09 Add $headers_added variable, with content from use of ACL modifier JH/10 Add 8bitmime log_selector, for 8bitmime status on the received line. Pulled from Bugzilla 817 by Wolfgang Breyha. +PP/11 SECURITY: protect DKIM DNS decoding from remote exploit. + CVE-2012-5671 + + +Exim version 4.80.1 +------------------- + +PP/01 SECURITY: protect DKIM DNS decoding from remote exploit. + CVE-2012-5671 + This, or similar/improved, will also be change PP/11 of 4.81. Exim version 4.80 diff --git a/src/src/dkim.c b/src/src/dkim.c index 87e91dea2..05b5fec56 100644 --- a/src/src/dkim.c +++ b/src/src/dkim.c @@ -42,6 +42,9 @@ int dkim_exim_query_dns_txt(char *name, char *answer) { "%.*s", (int)len, (char *)((rr->data)+rr_offset)); rr_offset+=len; answer_offset+=len; + if (answer_offset >= PDKIM_DNS_TXT_MAX_RECLEN) { + return PDKIM_FAIL; + } } } else return PDKIM_FAIL; diff --git a/src/src/pdkim/pdkim.h b/src/src/pdkim/pdkim.h index 764cc83be..1d364a3c9 100644 --- a/src/src/pdkim/pdkim.h +++ b/src/src/pdkim/pdkim.h @@ -27,8 +27,8 @@ /* -------------------------------------------------------------------------- */ /* Length of the preallocated buffer for the "answer" from the dns/txt - callback function. */ -#define PDKIM_DNS_TXT_MAX_RECLEN 4096 + callback function. This should match the maximum RDLENGTH from DNS. */ +#define PDKIM_DNS_TXT_MAX_RECLEN (1 << 16) /* -------------------------------------------------------------------------- */ /* Function success / error codes */ |