untrusted comment: verify with openbsd-72-base.pub
RWQTKNnK3CZZ8ISF1qcJzQ4UGurXH6TCzNg4NdUwrq8tjOIHQYX1MIzRC2gdhO3qeZUciE2Cr2NHswMPGrxrhACO6cTP68trjAo=
OpenBSD 7.2 errata 020, February 7, 2023:
smtpd(8) could abort due to a connection from a local, scoped ipv6 address.
Apply by doing:
signify -Vep /etc/signify/openbsd-72-base.pub -x 020_smtpd.patch.sig \
-m - | (cd /usr/src && patch -p0)
And then rebuild and install smtpd:
cd /usr/src/usr.sbin/smtpd
make obj
make
make install
Index: usr.sbin/smtpd/envelope.c
===================================================================
RCS file: /cvs/src/usr.sbin/smtpd/envelope.c,v
diff -u -p -u -r1.50 envelope.c
--- usr.sbin/smtpd/envelope.c
+++ usr.sbin/smtpd/envelope.c
@@ -270,24 +270,28 @@ ascii_load_sockaddr(struct sockaddr_storage *ss, char
static int
ascii_load_sockaddr(struct sockaddr_storage *ss, char *buf)
{
- struct sockaddr_in6 ssin6;
- struct sockaddr_in ssin;
-
- memset(&ssin, 0, sizeof ssin);
- memset(&ssin6, 0, sizeof ssin6);
-
if (!strcmp("local", buf)) {
ss->ss_family = AF_LOCAL;
}
else if (buf[0] == '[' && buf[strlen(buf)-1] == ']') {
+ struct addrinfo hints, *res0;
+
buf[strlen(buf)-1] = '\0';
- if (inet_pton(AF_INET6, buf+1, &ssin6.sin6_addr) != 1)
+
+ /* getaddrinfo() is used to support scoped addresses. */
+ memset(&hints, 0, sizeof(hints));
+ hints.ai_family = AF_INET6;
+ hints.ai_flags = AI_NUMERICHOST;
+ if (getaddrinfo(buf+1, NULL, &hints, &res0) != 0)
return 0;
- ssin6.sin6_family = AF_INET6;
- memcpy(ss, &ssin6, sizeof(ssin6));
- ss->ss_len = sizeof(struct sockaddr_in6);
+ memcpy(ss, res0->ai_addr, res0->ai_addrlen);
+ ss->ss_len = res0->ai_addrlen;
+ freeaddrinfo(res0);
}
else {
+ struct sockaddr_in ssin;
+
+ memset(&ssin, 0, sizeof ssin);
if (inet_pton(AF_INET, buf, &ssin.sin_addr) != 1)
return 0;
ssin.sin_family = AF_INET;
