summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--doc/doc-txt/ChangeLog10
-rw-r--r--src/src/dkim.c3
-rw-r--r--src/src/pdkim/pdkim.h4
3 files changed, 15 insertions, 2 deletions
diff --git a/doc/doc-txt/ChangeLog b/doc/doc-txt/ChangeLog
index db1c5254c..8daf3578e 100644
--- a/doc/doc-txt/ChangeLog
+++ b/doc/doc-txt/ChangeLog
@@ -81,6 +81,16 @@ JH/09 Add $headers_added variable, with content from use of ACL modifier
JH/10 Add 8bitmime log_selector, for 8bitmime status on the received line.
Pulled from Bugzilla 817 by Wolfgang Breyha.
+PP/11 SECURITY: protect DKIM DNS decoding from remote exploit.
+ CVE-2012-5671
+
+
+Exim version 4.80.1
+-------------------
+
+PP/01 SECURITY: protect DKIM DNS decoding from remote exploit.
+ CVE-2012-5671
+ This, or similar/improved, will also be change PP/11 of 4.81.
Exim version 4.80
diff --git a/src/src/dkim.c b/src/src/dkim.c
index 87e91dea2..05b5fec56 100644
--- a/src/src/dkim.c
+++ b/src/src/dkim.c
@@ -42,6 +42,9 @@ int dkim_exim_query_dns_txt(char *name, char *answer) {
"%.*s", (int)len, (char *)((rr->data)+rr_offset));
rr_offset+=len;
answer_offset+=len;
+ if (answer_offset >= PDKIM_DNS_TXT_MAX_RECLEN) {
+ return PDKIM_FAIL;
+ }
}
}
else return PDKIM_FAIL;
diff --git a/src/src/pdkim/pdkim.h b/src/src/pdkim/pdkim.h
index 764cc83be..1d364a3c9 100644
--- a/src/src/pdkim/pdkim.h
+++ b/src/src/pdkim/pdkim.h
@@ -27,8 +27,8 @@
/* -------------------------------------------------------------------------- */
/* Length of the preallocated buffer for the "answer" from the dns/txt
- callback function. */
-#define PDKIM_DNS_TXT_MAX_RECLEN 4096
+ callback function. This should match the maximum RDLENGTH from DNS. */
+#define PDKIM_DNS_TXT_MAX_RECLEN (1 << 16)
/* -------------------------------------------------------------------------- */
/* Function success / error codes */