Subject: unblock: dspam/3.10.1+dfsg-9 Package: release.debian.org User: release.debian.org@packages.debian.org Usertags: unblock Severity: normal This mail follow the discussion with Jonathan Wiltshire in bug #698701 [1], hence the In-Reply-To. [1] http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=698701#32 Le lundi 11 février 2013 23:45:46, Thomas Preud'homme a écrit : > > I'd rather have a fix though. I came up with this patch. % egrep -RIn "recipient[^s]*=" src src/dspam.c:503: ATX->recipient = CTX->username; src/dspam.c:948: ATX->recipient=args; src/dspam.c:1675: ATX->recipient = node_rcpt->ptr; src/dspam.c:1683: ATX->recipient = node_nt->ptr; src/dspam.c:1694: ATX->recipient = mailbox; mailbox and args are of respective size 256 and 1024 bytes. node_rcpt->ptr and node_nt->ptr on the other hand are exactly the size of the string. They are allocated when calling nt_add (which call nt_node_create). Thus, the approach is to copy node_rcpt->ptr and node_nt->ptr into an array of size 256 as well and this size can be used to limit the strlcpy when copying CTX->username to ATX->recipient. I don't like to hardcode the size but didn't find anything better for now. I'll forward upstream and let him find a long term solution. Would you agree for an upload to tpu with sufficient testing in unstable before? Best regards, Thomas
diff -Nru dspam-3.10.2+dfsg/debian/changelog dspam-3.10.2+dfsg/debian/changelog --- dspam-3.10.2+dfsg/debian/changelog 2013-02-11 14:55:20.000000000 +0100 +++ dspam-3.10.2+dfsg/debian/changelog 2013-02-22 11:54:57.000000000 +0100 @@ -1,3 +1,10 @@ +dspam (3.10.2+dfsg-7) unstable; urgency=low + + * Add a new version of the patch fixing recipient corruption when releasing + a message from quarantine (Closes: #698136). + + -- Thomas Preud'homme <robotux@debian.org> Fri, 22 Feb 2013 11:28:17 +0100 + dspam (3.10.2+dfsg-6) unstable; urgency=low * Drop patch fixing recipient corruption when releasing a message from diff -Nru dspam-3.10.2+dfsg/debian/patches/009_fix_recipient_corruption_when_releasing_message_from_quarantine.diff dspam-3.10.2+dfsg/debian/patches/009_fix_recipient_corruption_when_releasing_message_from_quarantine.diff --- dspam-3.10.2+dfsg/debian/patches/009_fix_recipient_corruption_when_releasing_message_from_quarantine.diff 1970-01-01 01:00:00.000000000 +0100 +++ dspam-3.10.2+dfsg/debian/patches/009_fix_recipient_corruption_when_releasing_message_from_quarantine.diff 2013-02-22 11:54:57.000000000 +0100 @@ -0,0 +1,53 @@ +Description: Fix recipient corruption when releasing a message from quarantine + +When releasing mail from quarantine, dspam corrupts the FROM part in the +SMTP/LMTP handshake. + +Author: Allan Ievers <aimail-dspam_users@rearden.com> +Origin: vendor +Bug-Debian: http://bugs.debian.org/698136 +Forwarded: no +Last-Update: 2013-01-14 + +--- a/src/dspam.c ++++ b/src/dspam.c +@@ -499,8 +499,9 @@ process_message ( + ATX->train_pristine = 1; + } + +- /* Change also the mail recipient */ +- ATX->recipient = CTX->username; ++ /* Change also the mail recipient. ATX->recipient either points to ++ * recipient[] or mailbox[] in process_users, hence the size of 256 */ ++ strlcpy(ATX->recipient, CTX->username, 256); + + } + } +@@ -1634,6 +1635,7 @@ int process_users(AGENT_CTX *ATX, buffer *message) { + char filename[MAX_FILENAME_LENGTH]; + int optin, optout; + char *username = NULL; ++ char recipient[256]; + + /* If ServerParameters specifies a --user, there will only be one + * instance on the stack, but possible multiple recipients. So we +@@ -1672,7 +1674,7 @@ int process_users(AGENT_CTX *ATX, buffer *message) { + username = node_nt->ptr; + + if (node_rcpt) { +- ATX->recipient = node_rcpt->ptr; ++ strlcpy(recipient, node_rcpt->ptr, sizeof(recipient)); + node_rcpt = c_nt_next (ATX->recipients, &c_rcpt); + } else { + +@@ -1680,8 +1682,9 @@ int process_users(AGENT_CTX *ATX, buffer *message) { + if (have_rcpts) + break; + +- ATX->recipient = node_nt->ptr; ++ strlcpy(recipient, node_nt->ptr, sizeof(recipient)); + } ++ ATX->recipient = recipient; + + /* If support for "+detail" is enabled, save full mailbox name for + delivery and strip detail for processing */ diff -Nru dspam-3.10.2+dfsg/debian/patches/series dspam-3.10.2+dfsg/debian/patches/series --- dspam-3.10.2+dfsg/debian/patches/series 2013-02-11 14:55:20.000000000 +0100 +++ dspam-3.10.2+dfsg/debian/patches/series 2013-02-22 11:54:57.000000000 +0100 @@ -5,3 +5,4 @@ 006_default-daemon-port.diff 007_process_quarantine_if_spanish.diff 008_fix_exim_integration_doc.diff +009_fix_recipient_corruption_when_releasing_message_from_quarantine.diff
Attachment:
signature.asc
Description: This is a digitally signed message part.