| Age | Commit message (Collapse) | Author |
|---|
|
The BDAT state switchers should happen so often during SMTP reception that a
compiler hint to inline seems wise.
The length filter checks happen on every start-up, which for Exim is often
enough that I think an inline these is warranted too.
(cherry picked from commit 6e3d0e3f1c8228ef19a3d1ba61f131cef3172ceb)
(cherry picked from commit 6ca5fcba34070f4495a0188f16eb2e4d78f3430a)
|
|
(cherry picked from commit 85a90771a373aaaced64b92d7176a8a310490b9e)
(cherry picked from commit da683a61556bbbebdffcbebf2668da58da59f898)
|
|
(cherry picked from commit dd1b9b753bb7c42df2b8f48d726b82928b67940b)
(cherry picked from commit 96fb195ebc2eb6790e6ad6dde46d478aee62198d)
|
|
A boundary case in looking for an opening quote before the closing quote could
walk off the front of the buffer.
(cherry picked from commit 515d8d43a18481d23d7cf410b8dc71b4e254ebb8)
(cherry picked from commit 467948de0c407bd2bbc2e84abbbf09f35b035538)
|
|
(cherry picked from commit 323ff55e67b44e95f9d3cfaba155e385aa33c4bd)
(cherry picked from commit 3a54fcd1e303bf1cc49beca7ceac35d7448860a9)
|
|
A default of "unlimited" can have unfortunate consequences when people start
putting many millions of recipients on a message.
(cherry picked from commit 1d7780722a66cea8da5fa4ae0775e85d185fbf7e)
(cherry picked from commit a6e1f69d82adcfd3caab8f228d96750dfddc8f07)
|
|
(cherry picked from commit 706864e934c70941ce7a327f97b7649a1e5f5556)
(cherry picked from commit 9f06dcd6848052f2524658bf871c60a8d48c7dbe)
|
|
Negative sizes are definitely bad.
Optimistically, I'm saying that zero is bad too. But perhaps we have something
doing that, expecting to be able to grow. In which case we'll have to amend
this.
(cherry picked from commit 1c9afcec0043e2fb72607b2addb0613763705549)
(cherry picked from commit 6f5d7e5af8eff688c36f81334e4f063689561963)
|
|
(cherry picked from commit 29d7a8c25f182c91d5d30f124f9e296dce5c018e)
(cherry picked from commit 0a6a7a3fd8464bae9ce0cf889e8eeb0bf0bab756)
|
|
(cherry picked from commit 93b6044e1636404f3463f3e1113098742e295542)
(cherry picked from commit 4e59a5d5c448e1fcdcbead268ffe6561adf0224d)
|
|
(cherry picked from commit bf5f9d56fadf9be8d947f141d31f7e0e8fa63762)
(cherry picked from commit 6d2cfb575c95c1b81597d6b9eb2904cd695d7e4a)
|
|
(cherry picked from commit f28a6a502c7973d8844d11d4b0990d4b0359fb3f)
(cherry picked from commit 7a7136ba7f5c2db33c7e320ffd4675335c4557e5)
|
|
We'll also now abort upon, rather than silently truncate, a driver name
(router, transport, ACL, etc) encountered in the config which is longer than
the 64-char limit.
(cherry picked from commit ff8bef9ae2370db4a7873fe2ce573a607fe6999f)
(cherry picked from commit a8bd24b96c2027fd839f95a9e6b3282453ae288e)
|
|
I get different results now to those I got before.
Now, using gen_pkcs3 linked against OpenSSL 1.1.1f-1ubuntu2 on Focal Fossa, I
get the results below. The ffdhe2048 value now matches that at
<https://ssl-config.mozilla.org/ffdhe2048.txt>.
I ran the same code yesterday for just the ffdhe2048 item and got code which
seemed to me then to match what was already in the C file. Something hinky is
going on, perhaps with my sanity.
(the commit IDs changee because of heavy rebasing (heiko))
(cherry picked from commit 76ed8115182e2daaadb437ec9655df8000796ec5)
(cherry picked from commit 0aafa26a5d3d528e79476c91537c28936154fe04)
|
|
Signed-off-by: Phil Pennock <pdp@exim.org>
(cherry picked from commit 1cf66e5872d517b620c308af634e4e26e3547f06)
(cherry picked from commit 48d8c54ecf9493c709d4305850877b6062f285a7)
|
|
An example exploit failed against my system, because I had this sanity guard in
place; it's not a real security fix since a careful attacker could find enough
valid recipients to hit that problem, but it highlights that this is a useful
enough pattern that we should encourage its wider use.
(cherry picked from commit 2a636a39fff29b7c3da1798767a510dfed982a62)
(cherry picked from commit 346f96bad326893f9c1fa772a5b8ac35b1f8f7bd)
|
|
(cherry picked from commit cdc5c672e1c309294626cd5ed90acdccb05baaa1)
(cherry picked from commit f9c8211fb0ad0dd362f471978a5e0abc5dfa71b4)
|
|
(cherry picked from commit 60f2a8e797d9ebaea1e3eac4ad28ff64e11bab40)
(cherry picked from commit 6b3d553c733475a1033c8b7a241e6506d7ed73b1)
|
|
(cherry picked from commit 7973b58af7db0fb8fddb54b366dcf43c7ce131ec)
(cherry picked from commit b7e726f6ae4c6f19e7efc4e6b10ec35e5b01368c)
|
|
|
|
Thanks to Nico R for providing a reproducing configuration.
host_lookup = *
message_size_limit = ${if def:sender_host_name {32M}{32M}}
acl_smtp_connect = acl_smtp_connect
acl_smtp_rcpt = acl_smtp_rcpt
begin acl
acl_smtp_connect:
warn ratelimit = 256 / 1m / per_conn
accept
acl_smtp_rcpt:
accept hosts = 127.0.0.*
begin routers
null:
driver = accept
transport = null
begin transports
null:
driver = appendfile
file = /dev/null
Tested with
swaks -f mailbox@example.org -t mailbox@example.org --pipe 'exim -bh 127.0.0.1 -C /opt/exim/etc/exim-bug.conf'
The IP must have a PTR to "localhost." to reproduce it.
(cherry picked from commit 20812729e3e47a193a21d326ecd036d67a8b2724)
|
|
|
|
|
|
|
|
Broken in d8e99d6047e709b35eabb1395c2046100d1a1dda
Thanks to JGH and Wolfgang Breyha for contributions.
(cherry picked from commit e8ac8be0a3d56ba0a189fb970c339ac6e84769be)
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
path
|
|
|
|
|
|
|
|
Broken-by: 001bf8f587
|
|
|
|
|
|
This should easy automated testing where no .git directory
is available (as is happens with git worktrees)
Setting this environment variable makes the reversion script
using it instead of searching for version.sh or using `git describe`.
|
|
|
|
|
|
modify debugging status
|
|
|
|
|
|
They're passed as HDRS, but the lookups/Makefile referenced the PHDRS
(which was empty)
E.g. touch src/functions.h didn't force a rebuild of the lookups.a
|
|
This should fix a Solaris build error probably inserted by 92583637b2
|
