packages/exim
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Fix CVE-2023-51766

Browse Source
This commit is contained in:
technology208 2024-07-09 11:14:44 +08:00
parent 62d2ba9dfe
commit 22eb0ee500
2 changed files with 87 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

81
CVE-2023-51766.patch Normal file
View File

@ -0,0 +1,81 @@
From f172a89c065d732898181b0b3f8e7abdae533d06 Mon Sep 17 00:00:00 2001
From: Jeremy Harris <jgh146exb@wizmail.org>
Date: Tue, 9 Jul 2024 10:44:57 +0800
Subject: [PATCH] Reject "dot, LF" as ending data phase. Bug 3063
---
src/receive.c | 15 +++++++++++----
src/smtp_in.c | 13 ++++++++-----
2 files changed, 19 insertions(+), 9 deletions(-)
diff --git a/src/receive.c b/src/receive.c
index 0a27c79..8639fa9 100644
--- a/src/receive.c
+++ b/src/receive.c
@@ -1948,8 +1948,10 @@ for (;;)
if (ch == '\n')
{
- if (first_line_ended_crlf == TRUE_UNSET) first_line_ended_crlf = FALSE;
- else if (first_line_ended_crlf) receive_ungetc(' ');
+ if (first_line_ended_crlf == TRUE_UNSET)
+ first_line_ended_crlf = FALSE;
+ else if (first_line_ended_crlf)
+ receive_ungetc(' ');
goto EOL;
}
@@ -1965,7 +1967,11 @@ for (;;)
if (f.dot_ends && ptr == 0 && ch == '.')
{
ch = (receive_getc)(GETC_BUFFER_UNLIMITED);
- if (ch == '\r')
+ if (ch == '\n' && first_line_ended_crlf == TRUE /* and not TRUE_UNSET */ )
+ /* dot, LF but we are in CRLF mode. Attack? */
+ ch = ' '; /* replace the LF with a space */
+
+ else if (ch == '\r')
{
ch = (receive_getc)(GETC_BUFFER_UNLIMITED);
if (ch != '\n')
@@ -2001,7 +2007,8 @@ for (;;)
ch = (receive_getc)(GETC_BUFFER_UNLIMITED);
if (ch == '\n')
{
- if (first_line_ended_crlf == TRUE_UNSET) first_line_ended_crlf = TRUE;
+ if (first_line_ended_crlf == TRUE_UNSET)
+ first_line_ended_crlf = TRUE;
goto EOL;
}
diff --git a/src/smtp_in.c b/src/smtp_in.c
index edb0adf..3119bad 100644
--- a/src/smtp_in.c
+++ b/src/smtp_in.c
@@ -5432,15 +5432,18 @@ while (done <= 0)
}
if (chunking_state > CHUNKING_OFFERED)
- rc = OK; /* No predata ACL or go-ahead output for BDAT */
+ rc = OK; /* There is no predata ACL or go-ahead output for BDAT */
else
{
- /* If there is an ACL, re-check the synchronization afterwards, since the
- ACL may have delayed. To handle cutthrough delivery enforce a dummy call
- to get the DATA command sent. */
+ /* If there is a predata-ACL, re-check the synchronization afterwards,
+ since the ACL may have delayed. To handle cutthrough delivery enforce a
+ dummy call to get the DATA command sent. */
if (!acl_smtp_predata && cutthrough.cctx.sock < 0)
- rc = OK;
+ {
+ if (!check_sync()) goto SYNC_FAILURE;
+ rc = OK;
+ }
else
{
uschar * acl = acl_smtp_predata ? acl_smtp_predata : US"accept";
--
2.27.0

6
exim.spec
View File

@ -4,7 +4,7 @@
Summary: The exim mail transfer agent Summary: The exim mail transfer agent
Name: exim Name: exim
Version: 4.96 Version: 4.96
Release: 1 Release: 2
License: GPLv2+ License: GPLv2+
Url: https://www.exim.org/ Url: https://www.exim.org/
@ -43,6 +43,7 @@ Patch3: exim-4.96-pic.patch
Patch4: exim-4.96-opendmarc-1.4-build-fix.patch Patch4: exim-4.96-opendmarc-1.4-build-fix.patch
# https://bugs.exim.org/show_bug.cgi?id=2899 # https://bugs.exim.org/show_bug.cgi?id=2899
Patch5: exim-4.96-build-fix.patch Patch5: exim-4.96-build-fix.patch
Patch6: CVE-2023-51766.patch
Requires: /etc/pki/tls/certs /etc/pki/tls/private Requires: /etc/pki/tls/certs /etc/pki/tls/private
Requires: setup Requires: setup
@ -482,5 +483,8 @@ fi
%{_sysconfdir}/cron.daily/greylist-tidy.sh %{_sysconfdir}/cron.daily/greylist-tidy.sh
%changelog %changelog
* Tue Jul 9 2024 technology208 <technology@208suo.com> - 4.96-2
- Fix CVE-2023-51766
* Tue Oct 18 2022 zhuchao <tom_toworld@163.com> - 4.96-1 * Tue Oct 18 2022 zhuchao <tom_toworld@163.com> - 4.96-1
- DESC:Package init - DESC:Package init