Commit 3c696d44 authored by Kevin Daudt

community/postsrsd: include patch for CVE-2020-35573

parent 15bc136e
From 4733fb11f6bec6524bb8518c5e1a699288c26bac Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Timo=20R=C3=B6hling?= <timo@gaussglocke.de>
Date: Sat, 12 Dec 2020 10:42:28 +0100
Subject: [PATCH] SECURITY: Fix potential denial of service attack against
PostSRSd
I discovered that PostSRSd could be tricked into consuming a lot of CPU
time with an SRS address that has an excessively long time stamp tag,
e.g.
SRS0=HHHH=TTTTTTTTTTTTTTTTTTTTTTTTTTTTTTTTTTTTTTTTTTTTTTTTTTTTTTTTT=0@example.com
---
srs2.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/srs2.c b/srs2.c
index b07a664..6a2eebb 100644
--- a/srs2.c
+++ b/srs2.c
@@ -230,6 +230,7 @@ srs_timestamp_check(srs_t *srs, const char *stamp)
time_t now;
time_t then;
+ if (strlen(stamp) != 2) return SRS_ETIMESTAMPOUTOFDATE;
/* We had better go around this loop exactly twice! */
then = 0;
for (sp = stamp; *sp; sp++) {
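Review bot: The added length check at the top of srs_timestamp_check() returns SRS_ETIMESTAMPOUTOFDATE for a stamp that is malformed rather than expired, so callers and logs cannot tell an oversized tag in untrusted input from an ordinary stale address; a distinct error for bad syntax would make these rejections visible to anyone monitoring for this kind of abuse. The literal 2 also duplicates the assumption stated in the comment just below it ("exactly twice"); a named constant for the stamp length, plus a short comment saying the check bounds the work done on untrusted input, would keep the two from drifting apart. The diffstat shows only the one inserted line in srs2.c, so no test comes with the fix; a regression case using the long-stamp address from the commit message would pin it.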