Re: [exim-dev] Security release for CVE-2016-1531: 4.84.2, 4…

Author: Heiko Schlittermann
Date:  
To: The Doctor, 3328-138 Ave Edmonton AB T5Y 1M4, 669-2000, 473-4587
CC: exim-dev
Subject: Re: [exim-dev] Security release for CVE-2016-1531: 4.84.2, 4.85.2, 4.86.2, 4.87 RC5]
The Doctor, 3328-138 Ave Edmonton AB T5Y 1M4, 669-2000, 473-4587 <doctor@???> (Do 03 Mär 2016 14:47:44 CET):
> tarball
> build-BSDI4-i386
> gcc3


Please try the attached patch. It should be applied to the unpacked
exim-4.86.2.tar.gz

    Best regards from Dresden/Germany
    Viele Grüße aus Dresden
    Heiko Schlittermann
-- 
 SCHLITTERMANN.de ---------------------------- internet & unix support -
 Heiko Schlittermann, Dipl.-Ing. (TU) - {fon,fax}: +49.351.802998{1,3} -
 gnupg encrypted messages are welcome --------------- key ID: F69376CE -
 ! key id 7CBF764A and 972EAC9F are revoked since 2015-01 ------------ -

diff -ruN exim-4.86.2/OS/os.h-BSDI exim-4.86.2-patched/OS/os.h-BSDI
--- exim-4.86.2/OS/os.h-BSDI    2016-03-02 18:27:51.000000000 +0100
+++ exim-4.86.2-patched/OS/os.h-BSDI    2016-03-03 15:30:56.339436991 +0100
@@ -11,4 +11,7 @@
 /* default is non-const */
 #define ICONV_ARG2_TYPE const char **


+/* void unsetenv(const char*) contrary to POSIX.1-2001 */
+#define HAVE_VOID_UNSETENV
+
 /* End */
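
Review bot: the comment above `#define HAVE_VOID_UNSETENV` in os.h-BSDI records that the prototype deviates from POSIX, but not the consequence: with a void return, a failed unsetenv() cannot be detected on this platform. State that in the comment, so a reader of the OS header knows the environment cleanup has no error path on BSDI builds.
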
diff -ruN exim-4.86.2/src/environment.c exim-4.86.2-patched/src/environment.c
--- exim-4.86.2/src/environment.c       2016-03-02 18:27:51.000000000 +0100
+++ exim-4.86.2-patched/src/environment.c       2016-03-03 15:31:31.107538701 +0100
@@ -21,6 +21,12 @@
             FALSE otherwise
 */


+#ifdef HAVE_VOID_UNSETENV
+static int exim_unsetenv(const char *s) { unsetenv(s); return 0; }
+#else
+static int exim_unsetenv(const char *s) { return unsetenv(s); }
+#endif
+
 BOOL
 cleanup_environment()
 {
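
Review bot: in the `HAVE_VOID_UNSETENV` branch, exim_unsetenv() returns 0 unconditionally, so the caller's `< 0` test can never fire and cleanup_environment() reports success even if the variable is still present. Consider checking `getenv(s)` after the call and returning -1 when it is non-NULL, which keeps the failure path reachable on this platform. Both one-line wrappers would also benefit from a short comment saying why they exist.
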
@@ -51,7 +57,7 @@
       uschar *name = string_copyn(*p, eqp - *p);
       if (OK != match_isinlist(name, CUSS &keep_environment,
           0, NULL, NULL, MCL_NOEXPAND, FALSE, NULL))
-        if (unsetenv(CS name) < 0) return FALSE;
+        if (exim_unsetenv(CS name) < 0) return FALSE;
         else p = USS environ; /* RESTART from the beginning */
       else p++;
       store_reset(name);
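
Review bot: the changed line sits inside an unbraced nested if/else (`if (OK != match_isinlist(...))` followed by `if (exim_unsetenv(CS name) < 0) return FALSE; else ...` and then `else p++;`), where it takes a second look to see which `else` pairs with which `if`. Since the line is being touched anyway, add braces around the inner if/else so the restart-from-`environ` branch and the `p++` branch are unambiguous.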