admin | 28 Jun 09:18 2016

[Bug 1853] New: DKIM attempts validation on bad signatures / segfaults on invalid base64

https://bugs.exim.org/show_bug.cgi?id=1853

            Bug ID: 1853
           Summary: DKIM attempts validation on bad signatures / segfaults
                    on invalid base64
           Product: Exim
           Version: N/A
          Hardware: x86
                OS: Linux
            Status: NEW
          Severity: bug
          Priority: medium
         Component: DKIM
          Assignee: tom <at> duncanthrax.net
          Reporter: mrgus <at> disco-zombie.net
                CC: exim-dev <at> exim.org

Created attachment 902
  --> https://bugs.exim.org/attachment.cgi?id=902&action=edit
The variations on a patch and some test cases

Sorry this is kind of long... Changed more than I'd originally meant to, so
feel the need to justify myself.

If the base64 strings for the b= or bh= tags in the DKIM-Signature header are
not actually valid base64, it will cause Exim to segfault.

This is the root problem I was trying to fix, but it took me down a bit of a
rabbit hole. Attached is a patch (dkim_sigfail_full.diff) that will fix this
segfault, as well as improve the handling of other missing or invalid tags in
(Continue reading)

admin | 24 Jun 00:22 2016

[Bug 1851] New: Exim core dump in dkim verification

https://bugs.exim.org/show_bug.cgi?id=1851

            Bug ID: 1851
           Summary: Exim core dump in dkim verification
           Product: Exim
           Version: 4.87
          Hardware: x86
                OS: Linux
            Status: NEW
          Severity: bug
          Priority: medium
         Component: DKIM
          Assignee: tom <at> duncanthrax.net
          Reporter: yan.huang <at> fusemail.com
                CC: exim-dev <at> exim.org

in exim-4.87-1

when DKIM-Signature has double quotes, base64 decode failed because of
character " and return -1 and then bodyhash.data is set to NULL, dkim
verification core dumps.

DKIM-Signature: v=1; a="rsa-sha256"; c="relaxed/relaxed";
        d="advokatkontoret.onmicrosoft.com";
        s="selector1-advokatkontoret-dk";
        h="From:Date:Subject:Message-ID:Content-Type:MIME-Version";
        bh="cJ9iPsrTIBw5YTGp3pNiGGcSuZuflpjdpu9rLqKqw/U=";

b="Lel92AXONZROIw3mWk/bUdvZ3aEHg031vzyzm/qftN6csDHoSSBcaqiL786PNznlp7t8Rr/K6A2B31jTqvwBYv+JHogvij1k81aGMZ9jtCJTFosU8B9l/3/5mWdriQNZQ9souJ2vr46dmyj7QK5MGpyviRM7wYYtHreAiJE2TGg="

(Continue reading)

admin | 22 Jun 23:42 2016

[Bug 1850] New: "auths/call_radius.c": in switch statement "case REJECT_RC" missing

https://bugs.exim.org/show_bug.cgi?id=1850

            Bug ID: 1850
           Summary: "auths/call_radius.c":  in switch statement "case
                    REJECT_RC" missing
           Product: Exim
           Version: 4.87
          Hardware: All
                OS: All
            Status: NEW
          Severity: bug
          Priority: medium
         Component: SMTP Authentication
          Assignee: pdp <at> exim.org
          Reporter: lk <at> mlucom21.urz.uni-halle.de
                CC: exim-dev <at> exim.org

Created attachment 896
  --> https://bugs.exim.org/attachment.cgi?id=896&action=edit
auths/call_radius.c:   case REJECT_RC missing

Until now we used Exim 4.85 with own RADIUS-client (adapted from the 
Merit-Software) with _own_ "auths/call_radius.c".
The "auths/call_radius.c" from the Exim distribution was not used.
All works fine (Solaris 8 and 9 ;-) ).

With the changeover to Solaris10/11 and RADIUSCLIENTNEW with 
"radiusclient-ng-0.5.6" now the exim-own "auths/call_radius.c" is used.

But with the exim-own "auths/call_radius.c" a error occours:
(Continue reading)

Jeffrey Rigby | 8 Jun 22:01 2016
Picon

$message_body empty in the Router Condition

I'm having issues with headers and body variables returning null when called in router conditions. My goal
is to select a router/transport based on either:

- A string appearing in the body of the email (preferred), or
- The value of a custom header

For example, if I have the string "router:1" in the email body I want to use a particular router with a
condition that searches for router:1 in $message_body.

Here's are my two defined routers:

send_via_extsmtp:
  driver = manualroute
  domains = ! +local_domains
  transport = extsmtp_smtp
  route_list = "* mail.optonline.net::587 byname"
  host_find_failed = defer
  condition = ${if match{$message_body}{router:1}}
  headers_add = "X-ROUTER-TEST: ${if match{$message_body}{router:1}}"
  no_more

send_via_extsmtp_nofilter:
  driver = manualroute
  domains = ! +local_domains
  transport = extsmtp_smtp_nofilter
  route_list = "* mail.optonline.net::587 byname"
  host_find_failed = defer
  condition = ${if match{$message_body:}{router:2}}
  no_more

(Continue reading)

admin | 4 Jun 01:59 2016

[Bug 1843] New: DANE options not documented yet.

https://bugs.exim.org/show_bug.cgi?id=1843

            Bug ID: 1843
           Summary: DANE options not documented yet.
           Product: Exim
           Version: N/A
          Hardware: All
                OS: All
            Status: NEW
          Severity: wishlist
          Priority: medium
         Component: Documentation
          Assignee: nigel <at> exim.org
          Reporter: jonas <at> freesources.org
                CC: exim-dev <at> exim.org

The new configuration options for dane (e.g. hosts_try_dane) should be
documented.

-- 
You are receiving this mail because:
You are on the CC list for the bug.
--

-- 
## List details at https://lists.exim.org/mailman/listinfo/exim-dev Exim details at
http://www.exim.org/ ##
admin | 4 Jun 01:54 2016

[Bug 1842] New: Typo in dnssec_require_domains documentation

https://bugs.exim.org/show_bug.cgi?id=1842

            Bug ID: 1842
           Summary: Typo in dnssec_require_domains documentation
           Product: Exim
           Version: 4.86
          Hardware: All
                OS: All
            Status: NEW
          Severity: bug
          Priority: medium
         Component: Documentation
          Assignee: nigel <at> exim.org
          Reporter: jonas <at> freesources.org
                CC: exim-dev <at> exim.org

Just spotted a small typo on
http://www.exim.org/exim-html-current/doc/html/spec_html/ch-the_smtp_transport.html:
the description for dnssec_require_domains talks about 'dnssec_request_domains'
instead. This should be fixed.

-- 
You are receiving this mail because:
You are on the CC list for the bug.
--

-- 
## List details at https://lists.exim.org/mailman/listinfo/exim-dev Exim details at
http://www.exim.org/ ##
admin | 1 Jun 14:23 2016

[Bug 1840] New: Exim does not log a Message-ID it generates to fix up a missing one

https://bugs.exim.org/show_bug.cgi?id=1840

            Bug ID: 1840
           Summary: Exim does not log a Message-ID it generates to fix up
                    a missing one
           Product: Exim
           Version: 4.87
          Hardware: x86
                OS: All
            Status: NEW
          Severity: bug
          Priority: medium
         Component: Logging
          Assignee: nigel <at> exim.org
          Reporter: mike.brudenell <at> york.ac.uk
                CC: exim-dev <at> exim.org

When a message arrives over SMTP with submission mode set and has no
"Message-ID:" header, Exim generates a message-id and adds the header line to
the message. This is documented in section 47.1 of the Exim Specification.

However the generated message-id does not get recorded anywhere in the log
files (eg, mainlog). This makes it impossible to supply the Message-ID to the
postmaster of the next-hop mail server to ease tracing a message.

The fault lies in the receive.c file within the receive_msg() function.

After reading and parsing the incoming headers Exim reaches a section of code
that checks whether the msgid_header variable is NULL and, if submission mode
is set, generates a message-id then uses header_add_at_position() to add the
(Continue reading)

admin | 30 May 15:16 2016

[Bug 1839] New: store_malloc should use assert in case of failure

https://bugs.exim.org/show_bug.cgi?id=1839

            Bug ID: 1839
           Summary: store_malloc should use assert in case of failure
           Product: Exim
           Version: N/A
          Hardware: All
                OS: All
            Status: NEW
          Severity: bug
          Priority: medium
         Component: General execution
          Assignee: nigel <at> exim.org
          Reporter: ytrezq <at> sdf-eu.org
                CC: exim-dev <at> exim.org

Usually when a program abort because allocation fails, SIGABRT should be
raised.

This is usually done by calling assert.

However, exim currently end‑up using exim_exit for this which use a call to
debug_printf. So the trivial way to fix it is to drop some debugging output by
not calling debug_printf(">>>>>>>>>>>>>>>> Exim pid=%d terminating with rc=%d
".

If debugging output shouldn’t be lost  while still using the ability of assert
to print messages, then several functions should be created adding 100 lines of
code.

(Continue reading)

admin | 30 May 13:06 2016

[Bug 1838] New: Check the return value of every calls to malloc()

https://bugs.exim.org/show_bug.cgi?id=1838

            Bug ID: 1838
           Summary: Check the return value of every calls to malloc()
           Product: Exim
           Version: N/A
          Hardware: All
                OS: Windows
            Status: NEW
          Severity: security
          Priority: medium
         Component: Unfiled
          Assignee: nigel <at> exim.org
          Reporter: ytrezq <at> sdf-eu.org
                CC: exim-dev <at> exim.org

In some cases, the values of malloc aren’t checked for NULL.

I fixed this https://github.com/Exim/exim/pull/45 by returning error values if
the function support it or calling store_malloc() otherwise.

Please note this doesn’t concerns only tests.

admin | 26 May 17:00 2016

[Bug 1837] New: small subgroup attack

https://bugs.exim.org/show_bug.cgi?id=1837

            Bug ID: 1837
           Summary: small subgroup attack
           Product: Exim
           Version: N/A
          Hardware: All
                OS: All
            Status: NEW
          Severity: security
          Priority: medium
         Component: TLS
          Assignee: pdp <at> exim.org
          Reporter: luke.valenta <at> gmail.com
                CC: exim-dev <at> exim.org

The Diffie-Hellman parameters (e.g., dh_ike_23_pem) specified in
https://github.com/Exim/exim/blob/master/src/src/std-crypto.c do not include
the subgroup order. It is especially important to include the subgroup order
for groups with small subgroup order, such as RFC 5114 groups 22-24, and to
verify that a received Diffie-Hellman key exchange value is in the correct
subgroup in order to prevent an invalid subgroup attack. To properly validate
subgroup order, for a non-safe prime p and a known subgroup order q, a received
Diffie-Hellman key exchange value y should satisfy y^q == 1 mod p. For a safe
prime, it suffices to check that y is not 1 or p-1.

After CVE-2016-0701 (https://www.openssl.org/news/secadv/20160128.txt), OpenSSL
changed their behavior to validate subgroup order if it is specified. The
function DH_check_pub_key
(https://github.com/openssl/openssl/blob/master/crypto/dh/dh_check.c) is used
(Continue reading)

admin | 25 May 21:40 2016

[Bug 165] Avoid showing LDAP passwords in log lines for LDAP errors

https://bugs.exim.org/show_bug.cgi?id=165

Jeremy Harris <jgh146exb <at> wizmail.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
         Resolution|---                         |FIXED
             Status|ASSIGNED                    |RESOLVED

--- Comment #6 from Jeremy Harris <jgh146exb <at> wizmail.org> ---
Lacking further comments, closing

-- 
You are receiving this mail because:
You are the QA Contact for the bug.
--

-- 
## List details at https://lists.exim.org/mailman/listinfo/exim-dev Exim details at
http://www.exim.org/ ##

Gmane