Fixed multiple memory leaks

Resolves: CVE-2017-1000369 Fixed typo causing exim-clamav to create /0750 directory Resolves: rhbz#1412028
2017-08-18 17:11:35 +02:00 · 2017-08-18 17:11:35 +02:00 · 2e136ca6db
commit 2e136ca6db
parent 380c24f72f
2 changed files with 47 additions and 2 deletions
--- a/exim-4.87-CVE-2017-1000369.patch
+++ b/exim-4.87-CVE-2017-1000369.patch
@ -0,0 +1,37 @@
+diff --git a/src/exim.c b/src/exim.c
+index ede4e0b..0e6d08c 100644
+--- a/src/exim.c
+++ b/src/exim.c
+@@ -3075,7 +3075,14 @@ for (i = 1; i < argc; i++)
+ 
+       /* -oMr: Received protocol */
+ 
+-      else if (Ustrcmp(argrest, "Mr") == 0) received_protocol = argv[++i];
+      else if (Ustrcmp(argrest, "Mr") == 0)
+
+        if (received_protocol)
+          {
+          fprintf(stderr, "received_protocol is set already\n");
+          exit(EXIT_FAILURE);
+          }
+        else received_protocol = argv[++i];
+ 
+       /* -oMs: Set sender host name */
+ 
+@@ -3171,7 +3178,15 @@ for (i = 1; i < argc; i++)
+ 
+     if (*argrest != 0)
+       {
+-      uschar *hn = Ustrchr(argrest, ':');
+      uschar *hn;
+
+      if (received_protocol)
+        {
+        fprintf(stderr, "received_protocol is set already\n");
+        exit(EXIT_FAILURE);
+        }
+
+      hn = Ustrchr(argrest, ':');
+       if (hn == NULL)
+         {
+         received_protocol = argrest;
--- a/exim.spec
+++ b/exim.spec
@ -14,7 +14,7 @@
 Summary: The exim mail transfer agent
 Name: exim
 Version: 4.87.1
-Release: 1%{?dist}
+Release: 2%{?dist}
 License: GPLv2+
 Url: http://www.exim.org/
 Group: System Environment/Daemons
@ -62,6 +62,7 @@ Patch25: exim-4.87-dynlookup-config.patch
 # Upstream ticket: http://bugs.exim.org/show_bug.cgi?id=1584
 Patch26: exim-4.85-pic.patch
 Patch27: exim-4.87-environment.patch
+Patch28: exim-4.87-CVE-2017-1000369.patch

 Requires: /etc/pki/tls/certs /etc/pki/tls/private
 Requires: /etc/aliases
@ -208,6 +209,7 @@ greylisting unconditional.
 %patch25 -p1 -b .dynconfig
 %patch26 -p1 -b .fpic
 %patch27 -p1 -b .environment
+%patch28 -p1 -b .CVE-2017-1000369

 cp src/EDITME Local/Makefile
 sed -i 's@^# LOOKUP_MODULE_DIR=.*@LOOKUP_MODULE_DIR=%{_libdir}/exim/%{version}-%{release}/lookups@' Local/Makefile
@ -519,7 +521,7 @@ fi

 %if %{with clamav}
 %post clamav
-/bin/mkdir -p 0750 %{_var}/run/clamd.exim
+/bin/mkdir -pm 0750 %{_var}/run/clamd.exim
 /bin/chown exim:exim %{_var}/run/clamd.exim
 /bin/touch %{_var}/log/clamd.exim
 /bin/chown exim.exim %{_var}/log/clamd.exim
@ -587,6 +589,12 @@ test "$1"  = 0 || %{_initrddir}/clamd.exim condrestart >/dev/null 2>&1 || :
 %{_sysconfdir}/cron.daily/greylist-tidy.sh

 %changelog
+* Fri Aug 18 2017 Jaroslav Škarvada <jskarvad@redhat.com> - 4.87.1-2
+- Fixed multiple memory leaks
+  Resolves: CVE-2017-1000369
+- Fixed typo causing exim-clamav to create /0750 directory
+  Resolves: rhbz#1412028
+
 * Sun Dec 25 2016 David Woodhouse <dwmw2@infradead.org> - 4.87.1-1
 - Update to 4.87.1 (CVE-2016-9963 / rhbz#1405323)