• Ron Lee's avatar
    Use the correct argc for pipe.ham_args · 963c046c
    Ron Lee authored
    This fixes a typo bug, where if the number of arguments set for
    antispam_pipe_program_spam_arg is not the same as what was set
    for antispam_pipe_program_notspam_arg, then we'll either scribble
    past the end of the allocated argv array, or populate it with
    pointers to whatever followed the real ham_args.
    
    Thanks to Peter Colberg who reported this, including a correct
    patch to fix it, to the security team.  The security implications
    of this seem somewhat limited, since you need to edit a config
    file as root to create the bad situation, and there is no path
    for remote injection of crafted data (whether it overflows or
    underflows) if you do, the argv array will just get some 'random'
    extra pointers to existing internal data.
    
    However it does pose a potential problem for a legitimate user
    who does legitimately need or want to pass a different number of
    arguments for the spam and ham cases, since that could crash
    dovecot, or confuse the hell out of their pipe program when it
    gets some random extra arguments.  It's probably gone unnoticed
    for this long because most uses will pass the same number of
    arguments for both of them, but that's not a necessary condition
    in the general case.
    963c046c