From: Wietse Venema Date: Sat, 10 Jun 2017 05:00:00 +0000 (-0500) Subject: postfix-3.0.9 X-Git-Tag: v3.0.9^0 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=613a1f197b40c52661a4439218ab56065bcf76b7;p=thirdparty%2Fpostfix.git postfix-3.0.9 --- diff --git a/postfix/HISTORY b/postfix/HISTORY index 0c5caedf7..876a374b4 100644 --- a/postfix/HISTORY +++ b/postfix/HISTORY @@ -21843,3 +21843,17 @@ Apologies for any names omitted. senders with "smtpd_reject_unlisted_recipient = yes" or with reject_unlisted_sender. Stephen R. van den Berg (Mr. procmail). Files: smtpd/smtpd.c, smtpd/smtpd_check.c. + +20170430 + + Safety net: append a null byte to vstring buffers, so that + C-style string operations won't scribble past the end. File: + vstring.c. + +20170610 + + Workaround (introduced: Postfix 3.0 20140718): prevent MIME + downgrade of Postfix-generated message/delivery status. + It's supposed to be 7bit, therefore quoted-printable encoding + is not expected. Problem reported by Griff. File: + bounce/bounce_notify_util.c. diff --git a/postfix/src/bounce/bounce_notify_util.c b/postfix/src/bounce/bounce_notify_util.c index fbcda18d4..65a874d9d 100644 --- a/postfix/src/bounce/bounce_notify_util.c +++ b/postfix/src/bounce/bounce_notify_util.c @@ -637,7 +637,9 @@ int bounce_header_dsn(VSTREAM *bounce, BOUNCE_INFO *bounce_info) (bounce_info->smtputf8 & SMTPUTF8_FLAG_REQUESTED) ? "global-" : ""); /* Fix 20140709: addresses may be 8bit. */ - if (NOT_7BIT_MIME(bounce_info)) + if (NOT_7BIT_MIME(bounce_info) + /* BC Fix 20170610: prevent MIME downgrade of message/delivery-status. */ + && (bounce_info->smtputf8 & SMTPUTF8_FLAG_REQUESTED)) post_mail_fprintf(bounce, "Content-Transfer-Encoding: %s", bounce_info->mime_encoding); diff --git a/postfix/src/global/mail_version.h b/postfix/src/global/mail_version.h index 49a683909..f5c73303f 100644 --- a/postfix/src/global/mail_version.h +++ b/postfix/src/global/mail_version.h @@ -20,8 +20,8 @@ * Patches change both the patchlevel and the release date. Snapshots have no * patchlevel; they change the release date only. */ -#define MAIL_RELEASE_DATE "20170101" -#define MAIL_VERSION_NUMBER "3.0.8" +#define MAIL_RELEASE_DATE "20170610" +#define MAIL_VERSION_NUMBER "3.0.9" #ifdef SNAPSHOT #define MAIL_VERSION_DATE "-" MAIL_RELEASE_DATE diff --git a/postfix/src/util/vstring.c b/postfix/src/util/vstring.c index 84c92989a..189431fc4 100644 --- a/postfix/src/util/vstring.c +++ b/postfix/src/util/vstring.c @@ -280,6 +280,10 @@ #include "vbuf_print.h" #include "vstring.h" +#ifndef SSIZE_T_MAX +#define SSIZE_T_MAX __MAXINT__(ssize_t) +#endif + /* vstring_extend - variable-length string buffer extension policy */ static void vstring_extend(VBUF *bp, ssize_t incr) @@ -299,10 +303,13 @@ static void vstring_extend(VBUF *bp, ssize_t incr) * (The tests are redundant as long as mymalloc() and myrealloc() reject * negative length parameters). */ - new_len = bp->len + (bp->len > incr ? bp->len : incr); - if (new_len <= bp->len) + if (bp->len > incr) + incr = bp->len; + if (bp->len > SSIZE_T_MAX - incr - 1) msg_fatal("vstring_extend: length overflow"); - bp->data = (unsigned char *) myrealloc((void *) bp->data, new_len); + new_len = bp->len + incr; + bp->data = (unsigned char *) myrealloc((void *) bp->data, new_len + 1); + bp->data[new_len] = 0; bp->len = new_len; bp->ptr = bp->data + used; bp->cnt = bp->len - used; @@ -342,12 +349,13 @@ VSTRING *vstring_alloc(ssize_t len) { VSTRING *vp; - if (len < 1) + if (len < 1 || len > SSIZE_T_MAX - 1) msg_panic("vstring_alloc: bad length %ld", (long) len); vp = (VSTRING *) mymalloc(sizeof(*vp)); vp->vbuf.flags = 0; vp->vbuf.len = 0; - vp->vbuf.data = (unsigned char *) mymalloc(len); + vp->vbuf.data = (unsigned char *) mymalloc(len + 1); + vp->vbuf.data[len] = 0; vp->vbuf.len = len; VSTRING_RESET(vp); vp->vbuf.data[0] = 0;