[exim-cvs] cvs commit: exim/exim-doc/doc-txt ChangeLog exim…

Author: Nigel Metheringham
Date:  
To: exim-cvs
Subject: [exim-cvs] cvs commit: exim/exim-doc/doc-txt ChangeLog exim/exim-src/src/transports appendfile.c
nm4 2010/05/26 13:26:01 BST

  Modified files:
    exim-doc/doc-txt     ChangeLog 
    exim-src/src/transports appendfile.c 
  Log:
  Prevent hardlink attack on mbox sticky mail directory. fixes: bug #988


  Revision  Changes    Path
  1.608     +3 -0      exim/exim-doc/doc-txt/ChangeLog
  1.25      +12 -0     exim/exim-src/src/transports/appendfile.c


  Index: ChangeLog
  ===================================================================
  RCS file: /home/cvs/exim/exim-doc/doc-txt/ChangeLog,v
  retrieving revision 1.607
  retrieving revision 1.608
  diff -u -r1.607 -r1.608
  --- ChangeLog    23 Mar 2010 14:06:48 -0000    1.607
  +++ ChangeLog    26 May 2010 12:26:00 -0000    1.608
  @@ -1,4 +1,4 @@
  -$Cambridge: exim/exim-doc/doc-txt/ChangeLog,v 1.607 2010/03/23 14:06:48 jetmore Exp $
  +$Cambridge: exim/exim-doc/doc-txt/ChangeLog,v 1.608 2010/05/26 12:26:00 nm4 Exp $


Change log file for Exim from version 4.21
-------------------------------------------
@@ -25,6 +25,9 @@

JJ/03 installed exipick 20100323.0, fixing doc bug

  +NM/06 Bugzilla 988: CVE-2010-2023 - prevent hardlink attack on sticky mail
  +      directory.  Notification and patch from Dan Rosenberg
  +


Exim version 4.71
-----------------
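
Review bot: the NM/06 entry names the bug and CVE but not the behaviour change an administrator will see. The appendfile.c hunk in this same commit refuses a mailbox whose `st_nlink` is not 1 with the message "has too many links", so the entry should say that, for example "appendfile now refuses to deliver to a mailbox file with more than one hard link". Sites that hard-link mailbox files on purpose would otherwise learn of it only from delivery errors.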

  Index: appendfile.c
  ===================================================================
  RCS file: /home/cvs/exim/exim-src/src/transports/appendfile.c,v
  retrieving revision 1.24
  retrieving revision 1.25
  diff -u -r1.24 -r1.25
  --- appendfile.c    16 Nov 2009 19:50:39 -0000    1.24
  +++ appendfile.c    26 May 2010 12:26:01 -0000    1.25
  @@ -1,4 +1,4 @@
  -/* $Cambridge: exim/exim-src/src/transports/appendfile.c,v 1.24 2009/11/16 19:50:39 nm4 Exp $ */
  +/* $Cambridge: exim/exim-src/src/transports/appendfile.c,v 1.25 2010/05/26 12:26:01 nm4 Exp $ */


   /*************************************************
   *     Exim - an Internet mail transport agent    *
  @@ -1806,6 +1806,18 @@
           goto RETURN;
           }


  +      /* Just in case this is a sticky-bit mail directory, we don't want
  +      users to be able to create hard links to other users' files. */
  +
  +      if (statbuf.st_nlink != 1)
  +        {
  +        addr->basic_errno = ERRNO_NOTREGULAR;
  +        addr->message = string_sprintf("mailbox %s%s has too many links (%d)",
  +          filename, islink? " (symlink)" : "", statbuf.st_nlink);
  +        goto RETURN;
  +
  +        }
  +
         /* If symlinks are permitted (not recommended), the lstat() above will
         have found the symlink. Its ownership has just been checked; go round
         the loop again, using stat() instead of lstat(). That will never yield a
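
Review bot: in the added `string_sprintf()` call, `statbuf.st_nlink` is passed to `%d`, but its type is `nlink_t`, which is wider than `int` on some platforms. Cast the argument, for example `(int)statbuf.st_nlink`, so the varargs read matches the format. The new block also sets `ERRNO_NOTREGULAR` for a file that may well be a regular file with extra links. Unless that code is being reused deliberately for its retry behaviour, a short comment saying so would help the next reader. The blank line before the closing brace can go. Finally, the test reads the `statbuf` filled by the earlier lstat()/stat(), so it only describes the file at that instant. If the code that later opens the mailbox does not repeat the link-count check with fstat() on the open descriptor, it is worth adding there as well.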