Bug#532740: marked as done (libdkim0d: Should use strtok_r() not strtok() for thread safety)

Tue, 15 Sep 2009 09:00:03 -0700 

Your message dated Tue, 15 Sep 2009 15:44:49 +0000
with message-id <[email protected]>
and subject line Bug#532740: fixed in libdkim 1:1.0.19-4
has caused the Debian Bug report #532740,
regarding libdkim0d: Should use strtok_r() not strtok() for thread safety
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)


-- 
532740: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=532740
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message --- 
Package: libdkim0d
Version: 1:1.0.19-3
Severity: grave
Tags: security
Justification: user security hole


The following patch makes libdkim use strtok_r() instead of strtok() for thread
safety.

If a server process has multiple threads operating on behalf of different users
while verifying dkim data (IE receiving mail for multiple users) then data may
be leaked.  Also this may cause a server process to crash and there is a
possibility of it being an exploitable bug.

I don't think that the security concerns are great enough to make a secret
report for a coordinated release, but I do think that they are great enough
to justify a grave bug report.

diff -ru libdkim-1.0.19/src/dkimverify.cpp libdkim-1.0.19-new/src/dkimverify.cpp
--- libdkim-1.0.19/src/dkimverify.cpp   2008-05-12 20:08:06.000000000 +1000
+++ libdkim-1.0.19-new/src/dkimverify.cpp       2009-06-11 18:28:10.000000000 
+1000
@@ -855,6 +855,9 @@
 
////////////////////////////////////////////////////////////////////////////////
 int CDKIMVerify::ParseDKIMSignature( const string& sHeader, SignatureInfo &sig 
)
 {
+       // for strtok_r()
+       char *saveptr;
+
        // save header for later
        sig.Header = sHeader;
 
@@ -1032,7 +1035,7 @@
        {
                // make sure "dns" is in the list
                bool HasDNS = false;
-               char *s = strtok(values[9], ":");
+               char *s = strtok_r(values[9], ":", &saveptr);
                while (s != NULL)
                {
                        if (strncmp(s, "dns", 3) == 0 && (s[3] == '\0' || s[3] 
== '/'))
@@ -1040,7 +1043,7 @@
                                HasDNS = true;
                                break;
                        }
-                       s = strtok(NULL, ": \t");
+                       s = strtok_r(NULL, ": \t", &saveptr);
                }
                if (!HasDNS)
                        return DKIM_BAD_SYNTAX;         // todo: maybe create a 
new error code for unknown query method
@@ -1080,7 +1083,7 @@
        // parse the signed headers list
        bool HasFrom = false, HasSubject = false;
        RemoveSWSP(values[4]);                  // header names shouldn't have 
spaces in them so this should be ok...
-       char *s = strtok(values[4], ":");
+       char *s = strtok_r(values[4], ":", &saveptr);
        while (s != NULL)
        {
                if (_stricmp(s, "From") == 0)
@@ -1090,7 +1093,7 @@
 
                sig.SignedHeaders.push_back(s);
 
-               s = strtok(NULL, ":");
+               s = strtok_r(NULL, ":", &saveptr);
        }
 
        if (!HasFrom)
@@ -1194,6 +1197,9 @@
 
////////////////////////////////////////////////////////////////////////////////
 int SelectorInfo::Parse( char* Buffer )
 {
+       // for strtok_r()
+       char *saveptr;
+
        static const char *tags[] = {"v","g","h","k","p","s","t","n",NULL};
        char *values[sizeof(tags)/sizeof(tags[0])] = {NULL};
 
@@ -1235,14 +1241,14 @@
        else
        {
                // MUST include "sha1" or "sha256"
-               char *s = strtok(values[2], ":");
+               char *s = strtok_r(values[2], ":", &saveptr);
                while (s != NULL)
                {
                        if (strcmp(s, "sha1") == 0)
                                AllowSHA1 = true;
                        else if (strcmp(s, "sha256") == 0)
                                AllowSHA256 = true;
-                       s = strtok(NULL, ":");
+                       s = strtok_r(NULL, ":", &saveptr);
                }
                if ( !(AllowSHA1 || AllowSHA256) )
                        return DKIM_SELECTOR_INVALID;   // todo: maybe create a 
new error code for unsupported hash algorithm
@@ -1261,7 +1267,7 @@
        {
                // make sure "*" or "email" is in the list
                bool ServiceTypeMatch = false;
-               char *s = strtok(values[5], ":");
+               char *s = strtok_r(values[5], ":", &saveptr);
                while (s != NULL)
                {
                        if (strcmp(s, "*") == 0 || strcmp(s, "email") == 0)
@@ -1269,7 +1275,7 @@
                                ServiceTypeMatch = true;
                                break;
                        }
-                       s = strtok(NULL, ":");
+                       s = strtok_r(NULL, ":", &saveptr);
                }
                if (!ServiceTypeMatch)
                        return DKIM_SELECTOR_INVALID;
@@ -1278,7 +1284,7 @@
        // flags
        if (values[6] != NULL)
        {
-               char *s = strtok(values[6], ":");
+               char *s = strtok_r(values[6], ":", &saveptr);
                while (s != NULL)
                {
                        if (strcmp(s, "y") == 0)
@@ -1289,7 +1295,7 @@
                        {
                                SameDomain = true;
                        }
-                       s = strtok(NULL, ":");
+                       s = strtok_r(NULL, ":", &saveptr);
                }
        }
 
@@ -1388,6 +1394,9 @@
 
////////////////////////////////////////////////////////////////////////////////
 int CDKIMVerify::GetSSP( const string &sDomain, int &iSSP, bool &bTesting )
 {
+       // for strtok_r()
+       char *saveptr;
+
        string sFQDN = "_ssp._domainkey.";
        sFQDN += sDomain;
 
@@ -1456,7 +1465,7 @@
                        // flags
                        if (values[1] != NULL)
                        {
-                               char *s = strtok(values[1], "|");
+                               char *s = strtok_r(values[1], "|", &saveptr);
                                while (s != NULL)
                                {
                                        if (strcmp(s, "y") == 0)
@@ -1474,7 +1483,7 @@
                                                        return DKIM_SUCCESS;
                                                }
                                        }
-                                       s = strtok(NULL, "|");
+                                       s = strtok_r(NULL, "|", &saveptr);
                                }
                        }
                }

-- System Information:
Debian Release: 5.0.1
  APT prefers stable
  APT policy: (500, 'stable')
Architecture: i386 (i686)

Kernel: Linux 2.6.26-1-686 (SMP w/1 CPU core)
Locale: LANG=en_AU.UTF-8, LC_CTYPE=en_AU.UTF-8 (charmap=ANSI_X3.4-1968) 
(ignored: LC_ALL set to C)
Shell: /bin/sh linked to /bin/bash

Versions of packages libdkim0d depends on:
ii  libc6                   2.7-18           GNU C Library: Shared libraries
ii  libgcc1                 1:4.3.2-1.1      GCC support library
ii  libssl0.9.8             0.9.8g-15+lenny1 SSL shared libraries
ii  libstdc++6              4.3.2-1.1        The GNU Standard C++ Library v3

libdkim0d recommends no packages.

libdkim0d suggests no packages.

-- no debconf information

--- End Message ---
--- Begin Message --- 
Source: libdkim
Source-Version: 1:1.0.19-4

We believe that the bug you reported is fixed in the latest version of
libdkim, which is due to be installed in the Debian FTP archive:

libdkim-dev_1.0.19-4_amd64.deb
  to pool/main/libd/libdkim/libdkim-dev_1.0.19-4_amd64.deb
libdkim0d-dbg_1.0.19-4_amd64.deb
  to pool/main/libd/libdkim/libdkim0d-dbg_1.0.19-4_amd64.deb
libdkim0d_1.0.19-4_amd64.deb
  to pool/main/libd/libdkim/libdkim0d_1.0.19-4_amd64.deb
libdkim_1.0.19-4.diff.gz
  to pool/main/libd/libdkim/libdkim_1.0.19-4.diff.gz
libdkim_1.0.19-4.dsc
  to pool/main/libd/libdkim/libdkim_1.0.19-4.dsc



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Magnus Holmgren <[email protected]> (supplier of updated libdkim package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.8
Date: Mon, 14 Sep 2009 22:34:21 +0200
Source: libdkim
Binary: libdkim0d libdkim-dev libdkim0d-dbg
Architecture: source amd64
Version: 1:1.0.19-4
Distribution: unstable
Urgency: low
Maintainer: Magnus Holmgren <[email protected]>
Changed-By: Magnus Holmgren <[email protected]>
Description: 
 libdkim-dev - cryptographically identify the sender of email
 libdkim0d  - cryptographically identify the sender of email
 libdkim0d-dbg - DomainKeys Identified Mail (DKIM) library - debug symbols
Closes: 524147 524147 532058 532740
Changes: 
 libdkim (1:1.0.19-4) unstable; urgency=low
 .
   * Add debug package (Closes: #532058).
   * Use strtok_r() instead of strtok() for thread safety (Closes:
     #532740). Patch by Russel Coker.
   * Include built libdkimtest (Closes: #524147).
   * Move examples from library to dev package.
   * Get rid of warnings through the use of const and more correct types
     (Closes: #524147). Patch by Russel Coker.
   * Upgrade package to Standards-Version 3.8.3:
     + Add README.source.
Checksums-Sha1: 
 2f0a30f8d9dca404ce13b73545dccb8232c95092 1067 libdkim_1.0.19-4.dsc
 d9682d1c7a58ecda8e2651b2fa46d4587e068f06 15048 libdkim_1.0.19-4.diff.gz
 e8d13ef953d2b637d0b204f85dec906246739cf3 39894 libdkim0d_1.0.19-4_amd64.deb
 d383eb44608481f062a2a86c8e44c84ccb5ecf21 50926 libdkim-dev_1.0.19-4_amd64.deb
 3f27b8d5ca7d144e8c3553c0d33e675bf3cdb0c0 139572 
libdkim0d-dbg_1.0.19-4_amd64.deb
Checksums-Sha256: 
 a2f4babeb4c98c6433f46a6698dd438640856ae1d2b27ef9a3a1d3059d2b275f 1067 
libdkim_1.0.19-4.dsc
 856f014afe38c4e77dcf82f7d679051da51147f57c629098da7e90b184e9b880 15048 
libdkim_1.0.19-4.diff.gz
 3c3240865939fd120de966a7cabb498aaf823a96353f687703708bb42e57a603 39894 
libdkim0d_1.0.19-4_amd64.deb
 3b52cca1b5f237c3b890cc1d25ddd149c85c64832174513fb784768fac682142 50926 
libdkim-dev_1.0.19-4_amd64.deb
 bb3e37bf5304f6a854430991beea83147a681b539503bb85601fc1f9a570b668 139572 
libdkim0d-dbg_1.0.19-4_amd64.deb
Files: 
 0e770dca1b1c2458e006030f594bb39b 1067 libs optional libdkim_1.0.19-4.dsc
 4410e506d26de879372614c11d370a6f 15048 libs optional libdkim_1.0.19-4.diff.gz
 77a9f3049bbd82c5d558aa37af2c67ba 39894 libs optional 
libdkim0d_1.0.19-4_amd64.deb
 58d486123b028875518a80ee545b6a98 50926 libdevel optional 
libdkim-dev_1.0.19-4_amd64.deb
 c7ffb843db52254ce8d13a8532f04b6f 139572 debug extra 
libdkim0d-dbg_1.0.19-4_amd64.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iEYEARECAAYFAkquqTwACgkQk7mRNn1h4+YpwQCeLcAoZHUXWQOKPzjJxl7KL7gg
FeIAoL/unn7ffHiYEtqTyzzMkmmEWK24
=DoxE
-----END PGP SIGNATURE-----

--- End Message ---

Reply via email to