Mailing List Archive

[Bug 2634] Taint check (is_tainted) is slightly overzealous
https://bugs.exim.org/show_bug.cgi?id=2634

--- Comment #1 from gavan@coolfactor.org ---
Created attachment 1332
--> https://bugs.exim.org/attachment.cgi?id=1332&action=edit
patch for store.c

--
You are receiving this mail because:
You are on the CC list for the bug.
--
## List details at https://lists.exim.org/mailman/listinfo/exim-dev Exim details at http://www.exim.org/ ##
[Bug 2634] Taint check (is_tainted) is slightly overzealous
https://bugs.exim.org/show_bug.cgi?id=2634

Jeremy Harris <jgh146exb@wizmail.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
         Status    |NEW                         |ASSIGNED
       Assignee    |unallocated@exim.org        |jgh146exb@wizmail.org

--- Comment #2 from Jeremy Harris <jgh146exb@wizmail.org> ---
Seems clear enough; thanks for discovering it.

This is why we need volunteers to run the less-popular platforms as buildfarm
animals. I note that NetBSD is not in the set of supported platforms, per
the files in src/OS. This will be down to lack of such enthusiasm.

[Bug 2634] Taint check (is_tainted) is slightly overzealous
https://bugs.exim.org/show_bug.cgi?id=2634

Git Commit <git@exim.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             CC    |                            |git@exim.org

--- Comment #3 from Git Commit <git@exim.org> ---
Git commit:
https://git.exim.org/exim.git/commitdiff/e0ae68c8ee6788508da4989ee0d6fcbaf40c7b97

commit e0ae68c8ee6788508da4989ee0d6fcbaf40c7b97
Author: Gavan <gavan@coolfactor.org>
AuthorDate: Fri Aug 21 15:46:01 2020 +0100
Commit: Jeremy Harris <jgh146exb@wizmail.org>
CommitDate: Fri Aug 21 15:46:01 2020 +0100

Taint: fix off-by-one in is_tainted(). Bug 2634
---
doc/doc-txt/ChangeLog | 5 +++++
src/src/store.c | 4 ++--
2 files changed, 7 insertions(+), 2 deletions(-)

diff --git a/doc/doc-txt/ChangeLog b/doc/doc-txt/ChangeLog
index eb64e0a..9048e3f 100644
--- a/doc/doc-txt/ChangeLog
+++ b/doc/doc-txt/ChangeLog
@@ -111,6 +111,11 @@ JH/22 Bug 2265: Force SNI usage for smtp transport DANE'd
connections, to be
JH/23 Logging: with the +tls_sni log_selector, do not wrap the received SNI
in quotes.

+JH/24 Bug 2634: Fix a taint trap seen on NetBSD: the testing coded for
+ is_tainted() had an off-by-one error in the overenthusiastic direction.
+ Find and fix by Gavan. Although NetBSD is not a supported platform for
+ 4.94 this bug could affect other platforms.
+

Exim version 4.94
-----------------
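Review bot: The phrase "the testing coded for is_tainted()" in the new JH/24 entry is hard to parse; suggest "the bounds test in is_tainted()". It would also help readers to say concretely what "the overenthusiastic direction" means, since the store.c change shows it: a pointer equal to one-past-the-end of a taint-pool block (`bc + b->length`) was reported as tainted, so an untainted allocation placed directly after such a block could trip the taint trap.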
diff --git a/src/src/store.c b/src/src/store.c
index 47d6f91..df7078f 100644
--- a/src/src/store.c
+++ b/src/src/store.c
@@ -188,14 +188,14 @@ for (int pool = POOL_TAINT_BASE; pool < nelem(chainbase);
pool++)
if ((b = current_block[pool]))
{
uschar * bc = US b + ALIGNED_SIZEOF_STOREBLOCK;
- if (US p >= bc && US p <= bc + b->length) return TRUE;
+ if (US p >= bc && US p < bc + b->length) return TRUE;
}

for (int pool = POOL_TAINT_BASE; pool < nelem(chainbase); pool++)
for (b = chainbase[pool]; b; b = b->next)
{
uschar * bc = US b + ALIGNED_SIZEOF_STOREBLOCK;
- if (US p >= bc && US p <= bc + b->length) return TRUE;
+ if (US p >= bc && US p < bc + b->length) return TRUE;
}
return FALSE;
}
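Review bot: The `<=` to `<` change on both `bc + b->length` comparisons is the right fix: `bc + b->length` is one past the last byte of the block, so a pointer equal to it belongs to whatever allocation follows, not to this taint-pool block, and the old test could report an untainted pointer as tainted whenever it happened to sit immediately after a taint-pool block. Two follow-ups worth considering: the identical range test now appears twice (the `current_block[pool]` fast path and the full `chainbase[pool]` walk), so a small static helper, say `in_block(b, p)`, would stop the two copies drifting apart again; and a direct test that calls `is_tainted()` with a pointer exactly at `bc + b->length` of a taint-pool block and expects FALSE would catch a regression deterministically, which matters because, per the ChangeLog entry, heap layout only exposed this on NetBSD.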
