Documentation/Tests for CVE-2014-2972 fixexim-4_83

4 files changed, 7 insertions, 0 deletions

diff --git a/doc/doc-txt/ChangeLog b/doc/doc-txt/ChangeLog
index 770b106a5..61086c7e2 100644
--- a/doc/doc-txt/ChangeLog
+++ b/doc/doc-txt/ChangeLog
@@ -150,6 +150,10 @@ PP/02 Fix internal collision of T_APL on systems which support RFC3123
 
 JH/28 Fix parsing of MIME headers for parameters with quoted semicolons.
 
+TL/15 SECURITY: prevent double expansion in math comparison functions
+      (can expand unsanitized data). Not remotely exploitable.
+      CVE-2014-2972
+
 
 Exim version 4.82
 -----------------
diff --git a/test/aux-fixed/0002.lsearch b/test/aux-fixed/0002.lsearch
index dcf198b70..5cd6b1aa0 100644
--- a/test/aux-fixed/0002.lsearch
+++ b/test/aux-fixed/0002.lsearch
@@ -1,2 +1,3 @@
 ten-1.test.ex
 10.0.0.2
+trick: ${substr_2_2:65535}
diff --git a/test/scripts/0000-Basic/0002 b/test/scripts/0000-Basic/0002
index 7b6c34b3e..51dc6ae48 100644
--- a/test/scripts/0000-Basic/0002
+++ b/test/scripts/0000-Basic/0002
@@ -331,6 +331,7 @@ mask:   ${if eq {1}{2}{${mask:invalid}}{NO}}
 5>3m:   ${if >{5 } {3m }{y}{n}}
 5>3z:   ${if >{5 } {3z }{y}{n}}
 5>a:    ${if >{ 5 } {a}{y}{n}}
+5>bad:  ${if >{5 } {${lookup{trick}lsearch{DIR/aux-fixed/0002.lsearch}}} {y}{n}}
 
 >0:     ${if > {}{0}{y}{n}}
 =:      ${if = {}{}{y}{n}}
diff --git a/test/stdout/0002 b/test/stdout/0002
index 64e571944..7200bf3a7 100644
--- a/test/stdout/0002
+++ b/test/stdout/0002
@@ -304,6 +304,7 @@
 > 5>3m:   n
 > Failed: invalid integer "3z "
 > Failed: integer expected but "a" found
+> Failed: integer expected but "${substr_2_2:65535}" found
 > 
 > >0:     n
 > =:      y