Package: postsrsd / 1.10-2

Metadata

Package Version Patches format
postsrsd 1.10-2 3.0 (quilt)

Patch series

view the series file
Patch File delta Description
0001 Run as postsrsd user by default.patch | (download)

init/postsrsd-systemd-launcher.in | 2 1 + 1 - 0 !
init/postsrsd.default.in | 2 1 + 1 - 0 !
init/postsrsd.sysv-lsb.in | 2 1 + 1 - 0 !
init/postsrsd.sysv-redhat.in | 2 1 + 1 - 0 !
4 files changed, 4 insertions(+), 4 deletions(-)

 run as postsrsd user by default

0002 SECURITY Fix DoS on overly long input from Postfix.patch | (download)

postsrsd.c | 52 32 + 20 - 0 !
run_postsrsd_tests.bats | 40 36 + 4 - 0 !
2 files changed, 68 insertions(+), 24 deletions(-)

 security: fix dos on overly long input from postfix
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: 8bit

Thanks to Mateusz JoŇĄczyk who reported this issue and gave valuable
feedback for its resolution.

PostSRSd would hang on an overly long GET request, because the
fread()/fwrite() logic in the subprocess would get confused by the
remaining input line in its buffer.

Theoretically, this error should never occur, as Postfix is supposed to
send valid email addresses only, which are shorter than the buffer, even
assuming every single character is percent-encoded. However, Postfix
sometimes does seem to send malformed request with multiple concatenated
email addresses. I'm not sure if there's a reliable way to trigger this
condition by an external attacker, but it is a security bug in PostSRSd
nevertheless.

Fixes CVE-2021-35525.