From c5f5f3f7cb192220eb86ff7ec4e8ff4d4745fe04 Mon Sep 17 00:00:00 2001 From: Bastian Germann Date: Thu, 23 Oct 2025 12:21:16 +0200 Subject: [PATCH] CVE-2013-0350: Drop tcp_smtp log tcp_smtp.c allows local users to overwrite arbitrary files via a symlink attack on /tmp/smtp.log. This is adapted from the patch by Jari Aalto that Debian has included for this. --- tcp_smtp.c | 10 ---------- 1 file changed, 10 deletions(-) diff --git a/tcp_smtp.c b/tcp_smtp.c index 05b52f2..9d2121d 100644 --- a/tcp_smtp.c +++ b/tcp_smtp.c @@ -149,13 +149,8 @@ smtp_line(f, line) struct smtp_state *state; const char *s; int addr_changed = 0; -FILE*log; state = (struct smtp_state *)f->udata; - -if ((log = fopen("/tmp/smtp.log", "a"))) fprintf(log, "smpt_line [%s]\n", line); - if (state->in_data) { if (strcmp(line, ".") == 0) { state->in_data = 0; @@ -180,18 +175,15 @@ if ((log = fopen("/tmp/smtp.log", "a"))) } else { /* Normalize the command line */ normalize_line(line); -if (log)fprintf(log, "normalized to [%s]\n", line); if ((s = strip_prefix(line, "MAIL FROM:"))) { snprintf(state->from_addr, sizeof state->from_addr, "%s", s); normalize_addr(state->from_addr); addr_changed = 1; -if (log)fprintf(log, "from_addr = [%s]\n", state->from_addr); } else if ((s = strip_prefix(line, "RCPT TO:"))) { snprintf(state->to_addr, sizeof state->to_addr, "%s", s); normalize_addr(state->to_addr); addr_changed = 1; -if (log)fprintf(log, "to_addr = [%s]\n", state->to_addr); } else if (strcmp(line, "DATA") == 0) { state->in_data = 1; @@ -213,10 +205,8 @@ if (log)fprintf(log, "to_addr = [%s]\n", state->to_addr); if (strcmp(line, "QUIT") != 0) snprintf(f->desc, sizeof f->desc, "%s", line); } -if (log)fprintf(log, "set desc to: [%s]\n", f->desc); } -if (log)fclose(log); } /*