From c3aefacc72991f4960486052775ab47cd83c5fae Mon Sep 17 00:00:00 2001 From: "Heiko Schlittermann (HS12-RIPE)" Date: Mon, 19 Aug 2019 14:45:48 +0200 Subject: string.c: do not interpret '\\' before '\0' (CVE-2019-15846) Add documents about CVE-2019-15846 Add testcase for CVE-2019-15846 Update Changelog Add Announcements (cherry picked from commit 2600301ba6dbac5c9d640c87007a07ee6dcea1f4, 6693563381 and cdc7f9a966)
---
test/aux-fixed/0909/input/1i2t1o-0000cD-CV-D | 49 ++++++++++++++++++++++++++++ test/aux-fixed/0909/input/1i2t1o-0000cD-CV-H | 29 ++++++++++++++++ test/confs/0909 | 4 +++ test/scripts/0000-Basic/0909 | 2 ++ test/stdout/0909 | 1 + 5 files changed, 85 insertions(+) create mode 100644 test/aux-fixed/0909/input/1i2t1o-0000cD-CV-D create mode 100644 test/aux-fixed/0909/input/1i2t1o-0000cD-CV-H create mode 100644 test/confs/0909 create mode 100644 test/scripts/0000-Basic/0909 create mode 100644 test/stdout/0909 (limited to 'test')
diff --git a/test/aux-fixed/0909/input/1i2t1o-0000cD-CV-D b/test/aux-fixed/0909/input/1i2t1o-0000cD-CV-D
new file mode 100644
index 000000000..22baf8b6f
--- /dev/null
+++ b/test/aux-fixed/0909/input/1i2t1o-0000cD-CV-D
@@ -0,0 +1,49 @@
+1i2t1o-0000cD-CV-D
+--1566979804-eximdsn-1242325065
+Content-type: text/plain; charset=us-ascii
+
+This message was created automatically by mail delivery software.
+
+A message that you sent could not be delivered to one or more of its
+recipients. This is a permanent error. The following address(es) failed:
+
+ root@schlittermann.de
+ (generated from root@muli.schlittermann.de)
+ host ssl.schlittermann.de [212.80.235.130]
+ SMTP error from remote mail server after pipelined MAIL FROM: SIZE=1882:
+ 550 Authenticated connections only.
+
+--1566979804-eximdsn-1242325065
+Content-type: message/delivery-status
+
+Reporting-MTA: dns; muli.schlittermann.de
+
+Action: failed
+Final-Recipient: rfc822;root@schlittermann.de
+Status: 5.0.0
+Remote-MTA: dns; ssl.schlittermann.de
+Diagnostic-Code: smtp; 550 Authenticated connections only.
+
+--1566979804-eximdsn-1242325065
+Content-type: text/rfc822-headers
+
+Return-path:
+Received: from root by muli.schlittermann.de with local (Exim 4.89)
+ (envelope-from )
+ id 1i2t1l-0000c8-TF
+ for root@muli.schlittermann.de; Wed, 28 Aug 2019 10:10:02 +0200
+From: root@muli.schlittermann.de (Cron Daemon)
+To: root@muli.schlittermann.de
+Subject: Cron /root/dbsync
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+X-Cron-Env:
+X-Cron-Env:
+X-Cron-Env:
+X-Cron-Env:
+Message-Id:
+Date: Wed, 28 Aug 2019 10:10:01 +0200
+
+
+--1566979804-eximdsn-1242325065--
diff --git a/test/aux-fixed/0909/input/1i2t1o-0000cD-CV-H b/test/aux-fixed/0909/input/1i2t1o-0000cD-CV-H
new file mode 100644
index 000000000..e93e2eaa1
--- /dev/null
+++ b/test/aux-fixed/0909/input/1i2t1o-0000cD-CV-H
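Review bot: The body fixture test/aux-fixed/0909/input/1i2t1o-0000cD-CV-D ships identifiers from what looks like a real deployment — the schlittermann.de hosts, the public address 212.80.235.130, a root cron job path and a live bounce text — into a public test suite. As far as the script on this page shows, the test only expands `$tls_in_peerdn` from the -H spool file and never parses this body, so the content is free to be replaced with reserved documentation names (example.com, a 192.0.2.x address) as long as the line count stays at the 48 body lines the -H file declares in `-body_linecount 48`. Scrubbing the fixture also removes the real IP and hostnames from every future copy of the repository.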
@@ -0,0 +1,29 @@
+1i2t1o-0000cD-CV-H
+Debian-exim 107 110
+<>
+1566979804 0
+-ident Debian-exim
+-received_protocol local
+-body_linecount 48
+-max_received_linelength 99
+-allow_unqualified_recipient
+-allow_unqualified_sender
+-frozen 1566979805
+-localerror
+-tls_peerdn example.com\
+XX
+1
+root@schlittermann.de
+
+156P Received: from Debian-exim by muli.schlittermann.de with local (Exim 4.89)
+ id 1i2t1o-0000cD-CV
+ for root@schlittermann.de; Wed, 28 Aug 2019 10:10:04 +0200
+043 X-Failed-Recipients: root@schlittermann.de
+029 Auto-Submitted: auto-replied
+065F From: Mail Delivery System
+026T To: root@schlittermann.de
+100 Content-Type: multipart/report; report-type=delivery-status; boundary=1566979804-eximdsn-1242325065
+018 MIME-Version: 1.0
+059 Subject: Mail delivery failed: returning message to sender
+054I Message-Id:
+038 Date: Wed, 28 Aug 2019 10:10:04 +0200
diff --git a/test/confs/0909 b/test/confs/0909
new file mode 100644
index 000000000..68b5be68f
--- /dev/null
+++ b/test/confs/0909
@@ -0,0 +1,4 @@
+keep_environment =
+tls_advertise_hosts =
+log_file_path = DIR/spool/log/%slog
+spool_directory = DIR/aux-fixed/0909
diff --git a/test/scripts/0000-Basic/0909 b/test/scripts/0000-Basic/0909
new file mode 100644
index 000000000..6476caa75
--- /dev/null
+++ b/test/scripts/0000-Basic/0909
@@ -0,0 +1,2 @@
+# Check for trailing backslash bug CVE-2019-XXX
+exim -Mset 1i2t1o-0000cD-CV -be '$tls_in_peerdn'
diff --git a/test/stdout/0909 b/test/stdout/0909
new file mode 100644
index 000000000..4deed14a1
--- /dev/null
+++ b/test/stdout/0909
@@ -0,0 +1 @@
+example.com\
-- cgit v1.2.3
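Review bot: The comment in test/scripts/0000-Basic/0909 still carries the placeholder `CVE-2019-XXX` although the commit subject names CVE-2019-15846, so a later failure of test 0909 cannot be traced back to the advisory without reading git history. Replace it with `# Check for trailing backslash bug CVE-2019-15846` and state the expectation the other hunks on this page encode: the spool line `-tls_peerdn example.com\` in the -H fixture must expand, via `$tls_in_peerdn`, to the literal `example.com\` given in test/stdout/0909, i.e. a lone backslash at the end of the value is kept as data and not treated as the start of an escape sequence. Note that only the test directory is shown here ("limited to 'test'"), so the string.c change the subject refers to is not reviewable from this page and the test is the only visible evidence of the fix.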