FreeBSD Bugzilla – Attachment 105390 Details for
Bug 145857
[security] mail/fetchmail denial of service (verbose mode)
[patch]
fm.diff
fm.diff (text/plain), 4.44 KB, created by
Matthias Andree
on 2010-04-22 14:54:23 UTC
Description:
fm.diff
Filename:
MIME Type:
Creator:
Matthias Andree
Created:
2010-04-22 14:54:23 UTC
Size:
4.44 KB
>===> Updating from CVS
>M Makefile
>A files/patch-CVE-2010-1167
>===> Generating patch
>===> Viewing diff with more
>Index: Makefile
>===================================================================
>RCS file: /home/ncvs/ports/mail/fetchmail/Makefile,v
>retrieving revision 1.207
>diff -u -u -r1.207 Makefile
>--- Makefile 7 Apr 2010 18:20:20 -0000 1.207
>+++ Makefile 22 Apr 2010 13:48:20 -0000
>@@ -11,6 +11,7 @@
>
> PORTNAME= fetchmail
> PORTVERSION= 6.3.16
>+PORTREVISION= 1
> CATEGORIES= mail ipv6
> MASTER_SITES= ${MASTER_SITE_BERLIOS} \
> http://mandree.home.pages.de/fetchmail/:ma \
>@@ -28,6 +29,7 @@
> USE_RC_SUBR= fetchmail
> FETCHMAILRC= ${PREFIX}/etc/fetchmailrc
> SUB_FILES= pkg-message
>+PATCH_STRIP= -p1
>
> USE_BZIP2= yes
> USE_GMAKE= yes
>Index: files/patch-CVE-2010-1167
>===================================================================
>RCS file: files/patch-CVE-2010-1167
>diff -N files/patch-CVE-2010-1167
>--- /dev/null 1 Jan 1970 00:00:00 -0000
>+++ files/patch-CVE-2010-1167 22 Apr 2010 13:46:10 -0000
>@@ -0,0 +1,102 @@
>+commit ec06293134b85876f9201d8a52b844c41581b2b3
>+Author: Matthias Andree <matthias.andree@gmx.de>
>+Date: Sun Apr 18 18:01:38 2010 +0200
>+
>+ SECURITY FIX: DoS on EILSEQ in report_*() in -vv and multibyte-locales.
>+
>+diff --git a/rfc822.c b/rfc822.c
>+index 6f2dbf3..dbcda32 100644
>+--- a/rfc822.c
>++++ b/rfc822.c
>+@@ -25,6 +25,7 @@ MIT license. Compile with -DMAIN to build the demonstrator.
>+ #include <stdlib.h>
>+
>+ #include "fetchmail.h"
>++#include "sdump.h"
>+
>+ #ifndef MAIN
>+ #include "i18n.h"
>+@@ -74,9 +75,10 @@ char *reply_hack(
>+ }
>+
>+ #ifndef MAIN
>+- if (outlevel >= O_DEBUG)
>+- report_build(stdout, GT_("About to rewrite %.*s...\n"),
>+- (int)BEFORE_EOL(buf), buf);
>++ if (outlevel >= O_DEBUG) {
>++ report_build(stdout, GT_("About to rewrite %s...\n"), (cp = sdump(buf, BEFORE_EOL(buf))));
>++ xfree(cp);
>++ }
>+
>+ /* make room to hack the address; buf must be malloced */
>+ for (cp = buf; *cp; cp++)
>+@@ -211,9 +213,12 @@ char *reply_hack(
>+ }
>+
>+ #ifndef MAIN
>+- if (outlevel >= O_DEBUG)
>+- report_complete(stdout, GT_("...rewritten version is %.*s.\n"),
>+- (int)BEFORE_EOL(buf), buf);
>++ if (outlevel >= O_DEBUG) {
>++ report_complete(stdout, GT_("...rewritten version is %s.\n"),
>++ (cp = sdump(buf, BEFORE_EOL(buf))));
>++ xfree(cp)
>++ }
>++
>+ #endif /* MAIN */
>+ *length = strlen(buf);
>+ return(buf);
>+diff --git a/uid.c b/uid.c
>+index fdc6f5d..d813bee 100644
>+--- a/uid.c
>++++ b/uid.c
>+@@ -20,6 +20,7 @@
>+
>+ #include "fetchmail.h"
>+ #include "i18n.h"
>++#include "sdump.h"
>+
>+ /*
>+ * Machinery for handling UID lists live here. This is mainly to support
>+@@ -260,8 +261,11 @@ void initialize_saved_lists(struct query *hostlist, const char *idfile)
>+ if (uidlcount)
>+ {
>+ report_build(stdout, GT_("Scratch list of UIDs:"));
>+- for (idp = scratchlist; idp; idp = idp->next)
>+- report_build(stdout, " %s", idp->id);
>++ for (idp = scratchlist; idp; idp = idp->next) {
>++ char *t = sdump(idp->id, strlen(idp->id));
>++ report_build(stdout, " %s", t);
>++ free(t);
>++ }
>+ if (!idp)
>+ report_build(stdout, GT_(" <empty>"));
>+ report_complete(stdout, "\n");
>+@@ -517,8 +521,11 @@ void uid_swap_lists(struct query *ctl)
>+ report_build(stdout, GT_("Merged UID list from %s:"), ctl->server.pollname);
>+ else
>+ report_build(stdout, GT_("New UID list from %s:"), ctl->server.pollname);
>+- for (idp = dofastuidl ? ctl->oldsaved : ctl->newsaved; idp; idp = idp->next)
>+- report_build(stdout, " %s = %d", idp->id, idp->val.status.mark);
>++ for (idp = dofastuidl ? ctl->oldsaved : ctl->newsaved; idp; idp = idp->next) {
>++ char *t = sdump(idp->id, strlen(idp->id));
>++ report_build(stdout, " %s = %d", t, idp->val.status.mark);
>++ free(t);
>++ }
>+ if (!idp)
>+ report_build(stdout, GT_(" <empty>"));
>+ report_complete(stdout, "\n");
>+@@ -567,8 +574,11 @@ void uid_discard_new_list(struct query *ctl)
>+ /* this is now a merged list! the mails which were seen in this
>+ * poll are marked here. */
>+ report_build(stdout, GT_("Merged UID list from %s:"), ctl->server.pollname);
>+- for (idp = ctl->oldsaved; idp; idp = idp->next)
>+- report_build(stdout, " %s = %d", idp->id, idp->val.status.mark);
>++ for (idp = ctl->oldsaved; idp; idp = idp->next) {
>++ char *t = sdump(idp->id, strlen(idp->id));
>++ report_build(stdout, " %s = %d", t, idp->val.status.mark);
>++ free(t);
>++ }
>+ if (!idp)
>+ report_build(stdout, GT_(" <empty>"));
>+ report_complete(stdout, "\n");
>===> Done
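Review bot: In the second reply_hack hunk of rfc822.c the added `xfree(cp)` has no terminating semicolon before the closing brace, unlike the `xfree(cp);` in the first hunk. That only compiles if xfree expands to a complete statement or brace block, which is not visible on this page, so the line should read `xfree(cp);`. Both hunks also place the assignment `(cp = sdump(buf, BEFORE_EOL(buf)))` inside the report call's argument list; a separate `cp = sdump(buf, BEFORE_EOL(buf));` statement before the call would make ownership of the escaped copy easier to audit. Whether sdump can return NULL is not shown here, and if it can, the result needs a check before it is handed to `%s`. reply_hack's body starts and ends outside both hunks.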
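Review bot: In all three uid.c hunks (initialize_saved_lists, uid_swap_lists, uid_discard_new_list) the `if (!idp)` test after the rewritten loop is always true, because the loop only exits once idp is NULL, so " <empty>" is appended even after a non-empty list has been dumped. Testing the list head instead, for example `if (!scratchlist)` in the first hunk and `if (!ctl->oldsaved)` in the third, would give the check its apparent meaning. The loops release the escaped copy with `free(t)` while the rfc822.c hunks use `xfree(cp)`; settling on one keeps the cleanup convention uniform across the patch. The enclosing functions start and end outside these hunks.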