Skip site navigation (1)Skip section navigation (2) 
Date:      Wed, 25 Mar 2026 14:43:52 +0000
From:      Torsten Zuehlsdorff <tz@FreeBSD.org>
To:        ports-committers@FreeBSD.org, dev-commits-ports-all@FreeBSD.org, dev-commits-ports-main@FreeBSD.org
Subject:   git: 19808cb9783e - main - mail/opendkim: fix strlcpy misuse with overlapping buffers
Message-ID:  <69c3f4a8.1eb63.174a391e@gitrepo.freebsd.org>
index | next in thread | raw e-mail 

The branch main has been updated by tz:

URL: https://cgit.FreeBSD.org/ports/commit/?id=19808cb9783e847a57c47e4f2a8fff61875e2531

commit 19808cb9783e847a57c47e4f2a8fff61875e2531
Author:     Torsten Zuehlsdorff <tz@FreeBSD.org>
AuthorDate: 2026-03-25 12:55:53 +0000
Commit:     Torsten Zuehlsdorff <tz@FreeBSD.org>
CommitDate: 2026-03-25 14:43:05 +0000

    mail/opendkim: fix strlcpy misuse with overlapping buffers
    
      strlcpy() is undefined when source and destination overlap. Replace
      with manual copy in the SubDomains domain extraction where
      dfc->mctx_domain and the source pointer p can overlap.
    
      PR:           283487
      Approved by:  freebsd-ports@dan.me.uk (maintainer timeout)
---
 mail/opendkim/Makefile                        |  2 +-
 mail/opendkim/files/patch-opendkim_opendkim.c | 15 +++++++++++++++
 2 files changed, 16 insertions(+), 1 deletion(-)

diff --git a/mail/opendkim/Makefile b/mail/opendkim/Makefile
index cbaf2e19b391..944b5e44bf6b 100644
--- a/mail/opendkim/Makefile
+++ b/mail/opendkim/Makefile
@@ -1,6 +1,6 @@
 PORTNAME=	opendkim
 PORTVERSION=	2.10.3
-PORTREVISION=	21
+PORTREVISION=	22
 CATEGORIES=	mail security
 MASTER_SITES=	SF/${PORTNAME} \
 		SF/${PORTNAME}/Previous%20Releases \
diff --git a/mail/opendkim/files/patch-opendkim_opendkim.c b/mail/opendkim/files/patch-opendkim_opendkim.c
index 8ec336794477..d0d8f207bcd8 100644
--- a/mail/opendkim/files/patch-opendkim_opendkim.c
+++ b/mail/opendkim/files/patch-opendkim_opendkim.c
@@ -1,3 +1,18 @@
+--- opendkim/opendkim.c	2024-12-21 10:50:37.224458000 +0100
++++ opendkim/opendkim.c	2024-12-21 10:52:34.002259000 +0100
+@@ -12105,8 +12105,10 @@
+ 
+ 				if (domainok)
+ 				{
+-					strlcpy((char *) dfc->mctx_domain, p,
+-					        sizeof dfc->mctx_domain);
++					// We must not use strlcpy() here since
++					// src and dst overlap.
++					char* p2 = dfc->mctx_domain;
++					while( (*p2++ = *p++) );
+ 					break;
+ 				}
+ 			}
 commit 7c70ee7c86da1cecc621182355cc950d3b193314
 Author: David Bürgin <dbuergin@gluet.ch>
 Date:   Sat Oct 14 09:19:37 2023 +0200
home | help

Want to link to this message? Use this
URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?69c3f4a8.1eb63.174a391e>