Re: potential security hole(s) in 1.71

Author: T. William Wells
Date:
To: Philip Hazel
CC: exim-users
Subject: Re: potential security hole(s) in 1.71
> > 2) exim copies, using strcpy, the results of gethostbyaddr,
> >     in at least one place. An immediate attack method is to
> >     create a long HELO line and a tailored DNS record to
> >     create overruns.
>
> I can't find this code. There is only one call to gethostbyaddr() in
> exim (well, some different versions for IPv4 and IPv6), and afterwards,
> the code (version 1.71) reads


Right. But the function that contains it is called in a few
places. The one that bothered me was in the HELO processing, where
you substituted the address found (ultimately) by gethostbyname
for the one on the HELO line.

--
* This is sent by the exim-users mailing list.  To unsubscribe send a
    mail with subject "unsubscribe" to exim-users-request@???
* Exim information can be found at http://www.exim.org/
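
The overrun discussed in point 2 of the thread comes from copying a resolver-supplied name into a fixed buffer with strcpy. As an added example (not part of the original message and not Exim's code), this is a length-checked copy that rejects an oversized name instead of overrunning; `copy_looked_up_name` and `HOSTNAME_BUF` are hypothetical names, and the `hostent` values are constructed in memory, so no DNS query is made.

```c
#include <netdb.h>
#include <stddef.h>
#include <string.h>

/* Assumed buffer size for this example; not taken from Exim's source. */
#define HOSTNAME_BUF 256

/* Hypothetical helper: copy the name a lookup returned into a fixed-size
 * buffer. Returns 0 on success, -1 if the name is missing, empty, or does
 * not fit (the case where a bare strcpy() would write past the buffer). */
int copy_looked_up_name(char *dst, size_t dstlen, const struct hostent *he)
{
    const char *end;
    size_t n;

    if (dst == NULL || dstlen == 0)
        return -1;
    dst[0] = '\0';                      /* never leave dst uninitialised */
    if (he == NULL || he->h_name == NULL)
        return -1;

    /* The name comes from DNS data the remote side may control, so look
     * for its terminator only within the space the destination has. */
    end = memchr(he->h_name, '\0', dstlen);
    if (end == NULL || end == he->h_name)
        return -1;                      /* too long or empty: reject, do not truncate */

    n = (size_t)(end - he->h_name);
    memcpy(dst, he->h_name, n + 1);     /* n + 1 <= dstlen, includes the NUL */
    return 0;
}

/* Constructed input: an ordinary name that fits. Returns 1 when copied intact. */
int demo_short(void)
{
    char buf[HOSTNAME_BUF], name[] = "mail.example.org";
    struct hostent he = {0};
    he.h_name = name;
    return copy_looked_up_name(buf, sizeof buf, &he) == 0 && strcmp(buf, name) == 0;
}

/* Constructed input: a name twice the buffer size. Returns 1 when rejected. */
int demo_oversized(void)
{
    char buf[HOSTNAME_BUF], name[HOSTNAME_BUF * 2];
    struct hostent he = {0};
    memset(name, 'a', sizeof name - 1);
    name[sizeof name - 1] = '\0';
    he.h_name = name;
    return copy_looked_up_name(buf, sizeof buf, &he) == -1 && buf[0] == '\0';
}
```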