Re: potential security hole(s) in 1.71

Etusivu
Poista viesti
Vastaa
Lähettäjä: T. William Wells
Päiväys:  
Vastaanottaja: Philip Hazel
Kopio: exim-users
Aihe: Re: potential security hole(s) in 1.71
> > 2) exim copies, using strcpy, the results of gethostbyaddr,
> >     in at least one place. An immediate attack method is to
> >     create a long HELO line and a tailored DNS record to
> >     create overruns.

>
> I can't find this code. There is only one call to gethostbyaddr() in
> exim (well, some different versions for IPv4 and IPv6), and afterwards,
> the code (version 1.71) reads


Right. But the function that contains it is called in a few
places. The one that bothered me was in the HELO processing, where
you substituted the address found (ultimately) by gethostbyname
for the one on the HELO line.

--
* This is sent by the exim-users mailing list.  To unsubscribe send a
    mail with subject "unsubscribe" to exim-users-request@???
* Exim information can be found at http://www.exim.org/