Source-Changes archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

CVS commit: [netbsd-7] src/usr.bin/mail

Module Name:    src
Committed By:   snj
Date:           Thu Apr 23 19:46:40 UTC 2015

Modified Files:
        src/usr.bin/mail [netbsd-7]: cmd3.c extern.h fio.c mail.1 names.c

Log Message:
Pull up following revision(s) (requested by christos in ticket #719):
        usr.bin/mail/cmd3.c: revision 1.43
        usr.bin/mail/extern.h: revision 1.33
        usr.bin/mail/fio.c: revisions 1.41, 1.42
        usr.bin/mail/mail.1: revision 1.61
        usr.bin/mail/names.c: revision 1.31, 1.32
        usr.bin/mail/send.c: revision 1.38
Fix various security related issues:
    0001. Do not recognize paths, mail folders, and pipes in mail addresses
    by default.  That avoids a direct command injection with syntactically
    valid email addresses starting with |.
    Such addresses can be specified both on the command line, the mail
    headers (with -t) or in address lines copied over from previous
    while replying.
    This was assigned CVE-2014-7844 for some versions of BSD mailx.  It is
    documented behavior for Heirloom mailx, and was mentioned in an old
    technical report about BSD mailx (which does not usually make its way
    into operating system installations).  The patch switches off this
    processing and updates the documentation.
Added expandaddr option to explicitly enable this behavior.
    0002. When invoking sendmail, prevent option processing for email
    address arguments.  This prevents changing e.g. the Postfix
    configuration file in unexpected ways.  This behavior was documented for
    BSD mailx (sort of), but not for Heirloom mailx.  We did not assign a
    CVE to this because it is more of a missing feature, and code invoking
    mailx needs adjustment in the caller as well.
    0003. Make wordexp support mandatory.  (No functional change.)
Fixed (replaced explicit shell pipe implementation).
    0004. Prevent command execution in the expand function, which is IMHO
    unexpected.  (Not really required with patch 1, and there is still
    information disclosure/DoS potential if this expansion occurs.)  This is
    a historic vulnerability already fixed in the Debian package,
    retroactively assigned CVE-2004-2771:
Fixed (as part of the pipe replacement with wordexp).
fix incorrect arg size computation

To generate a diff of this commit:
cvs rdiff -u -r1.42 -r1.42.10.1 src/usr.bin/mail/cmd3.c
cvs rdiff -u -r1.32 -r1.32.10.1 src/usr.bin/mail/extern.h
cvs rdiff -u -r1.40 -r1.40.8.1 src/usr.bin/mail/fio.c
cvs rdiff -u -r1.60 -r1.60.8.1 src/usr.bin/mail/mail.1
cvs rdiff -u -r1.30 -r1.30.8.1 src/usr.bin/mail/names.c
cvs rdiff -u -r1.37 -r1.37.10.1 src/usr.bin/mail/send.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Home | Main Index | Thread Index | Old Index