Bug#682605: libopendkim1: SEGV when libunbound gives an error callback

Mon, 23 Jul 2012 21:09:19 -0700 

Package: libopendkim1
Version: 2.0.1+dfsg-1
Severity: important
Tags: patch

When unbound calls back to libopendkim with an error code the result->rcode
value will be dereferenced.  As result is a NULL pointer this causes a SEGV.
The following patch makes it not reference result if it's an error condition
and thus avoid a SEGV in code which links against libopendkim.

I've listed this as important because it can cause server processes to crash
in response to input from the Internet.  I first saw this when a custom DKIM
milter daemon started crashing in response to legitimate DKIM signed mail with
a misconfigured DNS server.  Presumably this could potentially be used for a
DoS attack.

diff -ru old/opendkim-2.0.1+dfsg//libopendkim/dkim-ub.c 
opendkim-2.0.1+dfsg//libopendkim/dkim-ub.c
--- old/opendkim-2.0.1+dfsg//libopendkim/dkim-ub.c      2009-11-22 
08:15:50.000000000 +0000
+++ opendkim-2.0.1+dfsg//libopendkim/dkim-ub.c  2012-07-24 03:31:51.259541947 
+0000
@@ -55,7 +55,6 @@
        ubdata = (struct dkim_unbound_cb_data *) mydata;
        ubdata->ubd_done = FALSE;
        ubdata->ubd_stat = DKIM_STAT_NOKEY;
-       ubdata->ubd_rcode = result->rcode;
        buf = ubdata->ubd_buf;
        buflen = ubdata->ubd_buflen;
 
@@ -64,6 +63,7 @@
                ubdata->ubd_stat = DKIM_STAT_INTERNAL;
                return;
        }
+       ubdata->ubd_rcode = result->rcode;
 
        /*
        **  Check whether reply is either secure or insecure.  If bogus,

-- System Information:
Debian Release: 6.0.5
  APT prefers stable
  APT policy: (500, 'stable')
Architecture: amd64 (x86_64)

Kernel: Linux 2.6.32-5-xen-amd64 (SMP w/2 CPU cores)
Locale: LANG=en_AU, LC_CTYPE=en_AU (charmap=ISO-8859-1)
Shell: /bin/sh linked to /bin/dash

Versions of packages libopendkim1 depends on:
ii  libc6                  2.11.3-3          Embedded GNU C Library: Shared 
lib
ii  libssl0.9.8            0.9.8o-4squeeze13 SSL shared libraries
ii  libunbound2            1.4.6-1+squeeze2  library implementing DNS 
resolutio

libopendkim1 recommends no packages.

libopendkim1 suggests no packages.

-- no debconf information


-- 
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org

Reply via email to