From 16566b2c3d6dafac09cacb39f7d059bac29afc40 Mon Sep 17 00:00:00 2001 From: Wietse Venema Date: Sat, 28 Sep 2002 00:00:00 -0500 Subject: [PATCH] postfix-1.1.11-20020928 --- postfix/HISTORY | 8 ++++++++ postfix/src/global/mail_version.h | 2 +- postfix/src/smtpd/smtpd_check.c | 4 ++-- 3 files changed, 11 insertions(+), 3 deletions(-) diff --git a/postfix/HISTORY b/postfix/HISTORY index 534ec272d..f44567785 100644 --- a/postfix/HISTORY +++ b/postfix/HISTORY @@ -7024,6 +7024,14 @@ Apologies for any names omitted. unavailable, causing the restrictions parser to get out if sync. Spotted by Ralf Hildebrandt. File: smtpd/smtpd_check.c. +20020928 + + Bugfix: missing %s in the 20020923 RBL code. This was not + exploitable because Postfix implements only a safe subset + of all printf format operators and because memory for the + result is dynamically allocated. Victor Duchovni. File: + smtpd/smtpd_check.c. + Open problems: Low: smtpd should log queue ID with reject/warn/hold/discard diff --git a/postfix/src/global/mail_version.h b/postfix/src/global/mail_version.h index 6319c6598..c5405dd5f 100644 --- a/postfix/src/global/mail_version.h +++ b/postfix/src/global/mail_version.h @@ -20,7 +20,7 @@ * Patches change the patchlevel and the release date. Snapshots change the * release date only, unless they include the same bugfix as a patch release. */ -#define MAIL_RELEASE_DATE "20020924" +#define MAIL_RELEASE_DATE "20020928" #define VAR_MAIL_VERSION "mail_version" #define DEF_MAIL_VERSION "1.1.11-" MAIL_RELEASE_DATE diff --git a/postfix/src/smtpd/smtpd_check.c b/postfix/src/smtpd/smtpd_check.c index 6e78d30fd..9fe7cfed2 100644 --- a/postfix/src/smtpd/smtpd_check.c +++ b/postfix/src/smtpd/smtpd_check.c @@ -448,7 +448,7 @@ static void PRINTFLIKE(3, 4) defer_if(SMTPD_DEFER *, int, const char *,...); * Cached RBL lookup state. */ typedef struct { - char *txt; /* TXT record or null */ + char *txt; /* TXT record or "" */ } SMTPD_RBL_STATE; static void *rbl_pagein(const char *, void *); @@ -2348,7 +2348,7 @@ static int rbl_reject_reply(SMTPD_STATE *state, SMTPD_RBL_STATE *rbl, myname, rbl_domain, template); template = 0; /* pretend not found */ } - result = smtpd_check_reject(state, MAIL_ERROR_POLICY, STR(why)); + result = smtpd_check_reject(state, MAIL_ERROR_POLICY, "%s", STR(why)); /* * Clean up.