I see that there is careful memory allocation done for DNS_RR and TLS_SCACHE_ENTRY in dns_rr.c and tls_scache.c respectively so that buffer overflow is not caused. However, a confirmation would be great.

On Mon, Nov 21, 2016 at 1:51 PM, Mc Security <mcs...@gmail.com> wrote:

> Here are the line numbers for the remaining two items:
>
> 1. Buffer overflow Sourcefile: dns_rr.c, Line: 129, Module: dnsblog
>
> 2. Buffer overflow Sourcefile: tls_scache.c, Line: 208, Module: smtpd
>
> Thanks,
>
> Mc.
>
> On Wed, Nov 16, 2016 at 9:40 PM, Mc Secuirty <mcs...@gmail.com> wrote:
>
>> Wietse:
>>
>> Thank you very much for the response. I will look at the remaining two
>> items to see if they are also false positives based on the information
>> you provided for the other items. If I can't, I will try to get the line
>> numbers at least for those two.
>>
>> Thanks
>> Mc.
>>
>> On Wed, Nov 16, 2016 at 7:54 PM, Wietse Venema <wie...@porcupine.org>
>> wrote:
>>
>>> McSec:
>>> > A Veracode scan reported the following vulnerabilities in postfix 3.0.1:
>>> >
>>> > vulnerability      module    source
>>> > Buffer Over Flow   dnsblog   home/.../src/dns/dns_rr.c
>>> > Buffer Over Flow   smtpd     home/.../src/tls/tls_scache.c
>>>
>>> There is no line number information, therefore this information is
>>> not actionable.
>>>
>>> > Numeric Errors     dnsblog   home/.../src/dns/dns_rr.c        262
>>> > Numeric Errors     dnsblog   home/.../src/dns/dns_rr.c        302
>>>
>>> Both are not a vulnerability, because DNS replies don't contain 268
>>> million responses. The DNS reply count is a 16-bit number, and is
>>> therefore limited to 0..65535.
>>>
>>> > Numeric Errors     dnsblog   home/.../src/dns/dns_strtype.c   207
>>>
>>> Not a vulnerability, because the dns_type_map[] table with symbolic
>>> names for DNS record types is much smaller than 2 billion. The DNS
>>> record type is a 16-bit number, therefore there can be only 65536
>>> different record types.
>>>
>>> > Numeric Errors     smtpd     home/.../src/tls/tls_dane.c      1291
>>>
>>> Not a vulnerability, because the trust anchor file is owned by a
>>> trusted local user (root), and because that file will contain fewer
>>> than 2 billion entries.
>>>
>>> Wietse
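
The 16-bit bound in the reply above, shown as an added example that is not part of the thread and is not Postfix code: the answer count is read from a 2-byte field of the DNS header, so a size computed from it stays far below the point where the multiplication would wrap. The function names, the sample header, and the explicit overflow check are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

#define DNS_HDR_LEN 12          /* fixed DNS header size (RFC 1035) */

/* Constructed sample: header of a reply claiming the maximum answer count. */
static const unsigned char SAMPLE_REPLY_HDR[DNS_HDR_LEN] = {
    0x12, 0x34, 0x81, 0x80, 0x00, 0x01, 0xff, 0xff, 0x00, 0x00, 0x00, 0x00
};

/* ANCOUNT is a 2-byte big-endian field at offset 6 of the header.
 * Returns -1 for a truncated packet, otherwise a value in 0..65535. */
long dns_ancount(const unsigned char *pkt, size_t len)
{
    if (pkt == NULL || len < DNS_HDR_LEN)
        return -1;
    return ((long) pkt[6] << 8) | pkt[7];
}

/* Compute count * elem_size, refusing to wrap. Returns 0 on success. */
int checked_array_size(size_t count, size_t elem_size, size_t *out)
{
    if (elem_size != 0 && count > SIZE_MAX / elem_size)
        return -1;
    *out = count * elem_size;
    return 0;
}

/* Allocate one pointer slot per answer record announced by the header. */
void **alloc_answer_slots(const unsigned char *pkt, size_t len, size_t *nslots)
{
    long n = dns_ancount(pkt, len);
    size_t bytes;

    if (n < 0 || checked_array_size((size_t) n, sizeof(void *), &bytes) != 0)
        return NULL;
    *nslots = (size_t) n;
    return malloc(bytes ? bytes : 1);   /* avoid a zero-size request */
}

int main(void)
{
    size_t n = 0;
    void **slots = alloc_answer_slots(SAMPLE_REPLY_HDR, sizeof SAMPLE_REPLY_HDR, &n);

    printf("slots=%zu allocated=%s\n", n, slots ? "yes" : "no");
    free(slots);
    return 0;
}
```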