Gitweb:
http://git.exim.org/exim.git/commitdiff/0de7239e563eff6e83c3e72d7deb9fd26a54a3a7
Commit: 0de7239e563eff6e83c3e72d7deb9fd26a54a3a7
Parent: 7685ce68148a083d7759e78d01aa5198fc099c44
Author: Todd Lyons <tlyons@???>
AuthorDate: Fri Jul 18 11:42:08 2014 -0700
Committer: Todd Lyons <tlyons@???>
CommitDate: Mon Jul 21 07:28:07 2014 -0700
Documentation/Tests for CVE-2014-2972 fix
---
doc/doc-txt/ChangeLog | 4 ++++
test/aux-fixed/0002.lsearch | 1 +
test/scripts/0000-Basic/0002 | 1 +
test/stdout/0002 | 1 +
4 files changed, 7 insertions(+), 0 deletions(-)
diff --git a/doc/doc-txt/ChangeLog b/doc/doc-txt/ChangeLog
index 770b106..61086c7 100644
--- a/doc/doc-txt/ChangeLog
+++ b/doc/doc-txt/ChangeLog
@@ -150,6 +150,10 @@ PP/02 Fix internal collision of T_APL on systems which support RFC3123
JH/28 Fix parsing of MIME headers for parameters with quoted semicolons.
+TL/15 SECURITY: prevent double expansion in math comparison functions
+ (can expand unsanitized data). Not remotely exploitable.
+ CVE-2014-2972
+
Exim version 4.82
-----------------
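Review bot: The TL/15 entry does not say which expansion conditions are affected: "math comparison functions" is vague, and the only one the test added in this commit exercises is `>`. Name the operators the fix covers. "Not remotely exploitable" also needs its reasoning spelled out, since the same entry says unsanitized data can be expanded; state what an administrator should look for in a configuration, such as a numeric comparison on a lookup result like the one the new test uses.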
diff --git a/test/aux-fixed/0002.lsearch b/test/aux-fixed/0002.lsearch
index dcf198b..5cd6b1a 100644
--- a/test/aux-fixed/0002.lsearch
+++ b/test/aux-fixed/0002.lsearch
@@ -1,2 +1,3 @@
ten-1.test.ex
10.0.0.2
+trick: ${substr_2_2:65535}
diff --git a/test/scripts/0000-Basic/0002 b/test/scripts/0000-Basic/0002
index 7b6c34b..51dc6ae 100644
--- a/test/scripts/0000-Basic/0002
+++ b/test/scripts/0000-Basic/0002
@@ -331,6 +331,7 @@ mask: ${if eq {1}{2}{${mask:invalid}}{NO}}
5>3m: ${if >{5 } {3m }{y}{n}}
5>3z: ${if >{5 } {3z }{y}{n}}
5>a: ${if >{ 5 } {a}{y}{n}}
+5>bad: ${if >{5 } {${lookup{trick}lsearch{DIR/aux-fixed/0002.lsearch}}} {y}{n}}
>0: ${if > {}{0}{y}{n}}
=: ${if = {}{}{y}{n}}
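Review bot: The new `5>bad:` case covers only the `>` operator, and only with the looked-up value as the second operand, while the ChangeLog entry in this commit describes the fix as covering "math comparison functions" in general. Add matching cases with the lookup as the first operand and for the other numeric comparisons, so that a regression in any one of them shows up in test 0002. The fixture value itself is a good choice: if `${substr_2_2:65535}` were expanded a second time it would become a valid integer and the line would print `n` instead of failing, so the expected output distinguishes the fixed behaviour from the old one.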
diff --git a/test/stdout/0002 b/test/stdout/0002
index 64e5719..7200bf3 100644
--- a/test/stdout/0002
+++ b/test/stdout/0002
@@ -304,6 +304,7 @@
> 5>3m: n
> Failed: invalid integer "3z "
> Failed: integer expected but "a" found
+> Failed: integer expected but "${substr_2_2:65535}" found
>
> >0: n
> =: y