From 13fd65f44fdd54e13f60b5e482f3775fbd92e1bf Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Jaroslav=20=C5=A0karvada?=
Date: Mon, 21 Aug 2017 18:23:21 +0200
Subject: [PATCH] Defuzzified format-security patch
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Signed-off-by: Jaroslav Škarvada
---
 sendmail-8.15.2-format-security.patch | 26 +++++++++++---------------
 1 file changed, 11 insertions(+), 15 deletions(-)
diff --git a/sendmail-8.15.2-format-security.patch b/sendmail-8.15.2-format-security.patch
index 290a4a0..5acd75a 100644
--- a/sendmail-8.15.2-format-security.patch
+++ b/sendmail-8.15.2-format-security.patch
@@ -1,13 +1,5 @@
-Author: Andreas Beckmann
-Description: fix FTBFS with -Werror=format-security
- If a message string from an (untrusted) external source may start with a
- smtp status code ("123 4.5.6 Foobar"), we cannot sanitize this via
- ("%s", string) since the status code is expected as part of the format
- string. Therefore verify that the message string contains no formatting
- codes before passing it as the format string. Add a dummy argument to
- suppress the "format not a string literal and no format arguments" error
- in this case.
-
+diff --git a/sendmail/envelope.c b/sendmail/envelope.c
+index bae6b00..beb91a1 100644
 --- a/sendmail/envelope.c
 +++ b/sendmail/envelope.c
 @@ -323,7 +323,7 @@ dropenvelope(e, fulldrop, split)
@@ -28,9 +20,11 @@ Description: fix FTBFS with -Werror=format-security
 e->e_flags |= EF_WARNING;
 }
 if (msg_timeout == MSG_WARN_BY)
+diff --git a/sendmail/parseaddr.c b/sendmail/parseaddr.c
+index 2adb39c..ba99414 100644
 --- a/sendmail/parseaddr.c
 +++ b/sendmail/parseaddr.c
-@@ -218,7 +218,7 @@ parseaddr(addr, a, flags, delim, delimpt
+@@ -218,7 +218,7 @@ parseaddr(addr, a, flags, delim, delimptr, e, isrcpt)
 msg = "Deferring message until queue run";
 if (tTd(20, 1))
 sm_dprintf("parseaddr: queueing message\n");
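Review bot: The first hunk (`@@ -1,13 +1,5 @@`) deletes the `Author:`/`Description:` header, which was the only text in this patch file explaining why message strings from an untrusted external source are checked for formatting codes rather than passed through `"%s"`. The commit subject ("Defuzzified format-security patch") does not carry that rationale over. A maintainer refreshing the patch later therefore has nothing stating that these strings must not reach `usrerr()`/`message()` as a raw format string, and the attribution to the original author is lost with it. I would keep the nine removed description lines above the first `diff --git a/sendmail/envelope.c` line, since `patch` skips leading text before the first file header, or otherwise move them into the commit message.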
@@ -39,6 +33,8 @@ Description: fix FTBFS with -Werror=format-security
 if (e->e_message == NULL && e->e_sendmode != SM_DEFER)
 e->e_message = sm_rpool_strdup_x(e->e_rpool, msg);
 a->q_state = QS_QUEUEUP;
+diff --git a/sendmail/srvrsmtp.c b/sendmail/srvrsmtp.c
+index ba636a8..46c5356 100644
 --- a/sendmail/srvrsmtp.c
 +++ b/sendmail/srvrsmtp.c
 @@ -122,6 +122,26 @@ extern ENVELOPE BlankEnvelope;
@@ -68,7 +64,7 @@ Description: fix FTBFS with -Werror=format-security
 /*
 ** PARSE_ESMTP_ARGS -- parse EMSTP arguments (for MAIL, RCPT)
 **
-@@ -578,13 +598,13 @@ static bool smtp_data __P((SMTP_T *, ENV
+@@ -578,13 +598,13 @@ static bool smtp_data __P((SMTP_T *, ENVELOPE *));
 bool tsave = QuickAbort; \
 \
 QuickAbort = false; \
@@ -102,7 +98,7 @@ Description: fix FTBFS with -Werror=format-security
 else
 usrerr("550 5.0.0 %s", nullserver);
-@@ -2452,7 +2472,7 @@ smtp(nullserver, d_flags, e)
+@@ -2449,7 +2469,7 @@ smtp(nullserver, d_flags, e)
 tempfail = true;
 smtp.sm_milterize = false;
 if (response != NULL)
@@ -111,7 +107,7 @@ Description: fix FTBFS with -Werror=format-security
 else
 message("421 4.7.0 %s closing connection", MyHostName);
-@@ -3659,7 +3679,7 @@ smtp_data(smtp, e)
+@@ -3656,7 +3676,7 @@ smtp_data(smtp, e)
 (void) extenhsc(response + 4, ' ', e->e_enhsc);
 #endif /* _FFR_MILTER_ENHSC */
@@ -120,7 +116,7 @@ Description: fix FTBFS with -Werror=format-security
 if (strncmp(response, "421 ", 4) == 0 || strncmp(response, "421-", 4) == 0)
 {
-@@ -3779,7 +3799,7 @@ smtp_data(smtp, e)
+@@ -3776,7 +3796,7 @@ smtp_data(smtp, e)
 if (ISSMTPCODE(response))
 (void) extenhsc(response + 4, ' ', e->e_enhsc);
 #endif /* _FFR_MILTER_ENHSC */