fvwm2: minimal fix for silly configure script attempting to detect -Werror
Configure tests tend to use broken C code and fail with compiler updates.
But one that is deliberately broken to catch -Werror is a new brilliancy.
A more radical approach is https://github.com/fvwmorg/fvwm/pull/106
clear userinfo before sending over imsg.
This is not an issue by itself but it weakens compartmentalization and may assist
lateral movement inside the privsep environment after another bug.
diff by Stuart Thomas <stuart.thomas at triageforge.co.uk>
Reject oversized sockaddr payloads received over privsep IPC.
This is not an issue on its own but may permit lateral movement or memory corruption
inside the privsep environment after another bug.
diff by Stuart Thomas <stuart.thomas at triageforge.co.uk>
Zero the temporary envelope parsing buffers before use.
While current parsing paths do not expose uninitialized data, keeping stack residue
in these transient buffers unnecessarily weakens compartmentalization and may aid
lateral movement inside the privsep environment after another bug.
The diff also fixes a theoretical double close race bug which can't really happen in
smtpd due to requiring concurrency in our single threaded event loop, and which would
have very limited reliability impact if it was triggered (forcing a mail to fail on a
schedule tick and be retried at next tick). This is still incorrect so let's avoid a
copy of this code in more problematic places.
diff by Stuart Thomas <stuart.thomas at triageforge.co.uk>
Ensure pending asynchronous lookups do not retain dangling smtp_session references after teardown.
This is mainly a robustness fix inside the privsep model:
stale references may permit lateral effects between smtpd processes after another compromise.
diff by Stuart Thomas <stuart.thomas at triageforge.co.uk>
validate encrypted queue buffer sizes before processing auth tag and IV data:
current callers already treat malformed input as a decrypt failure but rejecting
truncated buffers earlier makes boundary conditions more explicit.
diff by Stuart Thomas <stuart.thomas at triageforge.co.uk>
Pass correct argument to m_tag_delete() in ip_srcroute()
When the ip_srcroute function was redone to follow what FreeBSD did
the m_tag_delete() call was not correctly adjusted. In FreeBSD the
tag data structs always start with a struct m_tag while in OpenBSD
this wrapping is not done.
ip_srcroute is disabled by default and nobody sane turns it on.
From a report by Frank Denis
OK dlg@ deraadt@
Correct ICMPv6 parameter problem in IPv6 destination option.
If the destination option is placed in a different mbuf than the
IPv6 header, the calculation of the parameter problem offset was
wrong.
found by Quarkslab Vulnerability Reports
OK deraadt@
