Package: pktstat / 1.8.5-5

10-CVE-2013-0350-bug-701211-no-tmp.patch Patch series | download
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
From: Jari Aalto <jari.aalto@cante.net>
Subject: Do now write log to /tmp (CVE-2013-0350; Bug#701211)

---
 tcp_smtp.c |   14 +++++++-------
 1 file changed, 7 insertions(+), 7 deletions(-)

--- a/tcp_smtp.c
+++ b/tcp_smtp.c
@@ -152,10 +152,10 @@
 FILE*log;
 
 	state = (struct smtp_state *)f->udata;
-
+/*
 if ((log = fopen("/tmp/smtp.log", "a")))
    fprintf(log, "smpt_line [%s]\n", line);
-
+*/
 	if (state->in_data) {
 	    if (strcmp(line, ".") == 0) {
 		state->in_data = 0;
@@ -180,18 +180,18 @@
 	} else {
 	    /* Normalize the command line */
 	    normalize_line(line);
-if (log)fprintf(log, "normalized to [%s]\n", line);
+/* if (log)fprintf(log, "normalized to [%s]\n", line); */
 	    if ((s = strip_prefix(line, "MAIL FROM:"))) {
 		snprintf(state->from_addr, sizeof state->from_addr, "%s", s);
 		normalize_addr(state->from_addr);
 		addr_changed = 1;
-if (log)fprintf(log, "from_addr = [%s]\n", state->from_addr);
+/* if (log)fprintf(log, "from_addr = [%s]\n", state->from_addr); */
 	    }
 	    else if ((s = strip_prefix(line, "RCPT TO:"))) {
 		snprintf(state->to_addr, sizeof state->to_addr, "%s", s);
 		normalize_addr(state->to_addr);
 		addr_changed = 1;
-if (log)fprintf(log, "to_addr = [%s]\n", state->to_addr);
+/* if (log)fprintf(log, "to_addr = [%s]\n", state->to_addr); */
 	    }
 	    else if (strcmp(line, "DATA") == 0) {
 		state->in_data = 1;
@@ -213,10 +213,10 @@
 		if (strcmp(line, "QUIT") != 0)
 		    snprintf(f->desc, sizeof f->desc, "%s", line);
 	    }
-if (log)fprintf(log, "set desc to: [%s]\n", f->desc);
+/* if (log)fprintf(log, "set desc to: [%s]\n", f->desc); */
 	}
 
-if (log)fclose(log);
+/* if (log)fclose(log); */
 }
 
 /*