Attachment 191714 Details for Bug 226831 – Update and security fix for squirrelmail

Update and security fix for squirrelmail

squirrelmail-update.txt (text/plain), 3.42 KB, created by Jesse Smith on 2018-03-21 17:46:46 UTC

(hide)

Description:

Filename:

MIME Type:

Creator: Jesse Smith

Created: 2018-03-21 17:46:46 UTC

Size: 3.42 KB

patch

obsolete

>diff -ruN /usr/ports/mail/squirrelmail/Makefile squirrelmail/Makefile
>--- /usr/ports/mail/squirrelmail/Makefile	2017-09-09 14:24:21.000000000 +0000
>+++ squirrelmail/Makefile	2018-03-21 17:37:17.412370000 +0000
>@@ -3,6 +3,7 @@
> 
> PORTNAME=	squirrelmail
> PORTVERSION=	20170705
>+PORTREVISION=	1
> CATEGORIES=	mail www
> MASTER_SITES=	http://snapshots.squirrelmail.org/ \
> 	http://freebsd.uzsolt.hu/src/
>diff -ruN /usr/ports/mail/squirrelmail/distinfo squirrelmail/distinfo
>--- /usr/ports/mail/squirrelmail/distinfo	2017-08-22 17:25:09.000000000 +0000
>+++ squirrelmail/distinfo	2018-03-21 17:37:29.090035000 +0000
>@@ -1,3 +1,3 @@
>-TIMESTAMP = 1499253804
>+TIMESTAMP = 1521653849
> SHA256 (squirrelmail/squirrelmail-20170705_0200-SVN.stable.tar.bz2) = 53ff6540eb46f737bb631f6d5e0fb80c19b42ab33b1e28a38b4bc469e26a63a8
> SIZE (squirrelmail/squirrelmail-20170705_0200-SVN.stable.tar.bz2) = 563043
>diff -ruN /usr/ports/mail/squirrelmail/files/patch-src_compose.php squirrelmail/files/patch-src_compose.php
>--- /usr/ports/mail/squirrelmail/files/patch-src_compose.php	1970-01-01 00:00:00.000000000 +0000
>+++ squirrelmail/files/patch-src_compose.php	2018-03-21 17:35:29.279475000 +0000
>@@ -0,0 +1,79 @@
>+--- src/compose.php.orig	2017-01-27 20:31:33 UTC
>++++ src/compose.php
>+@@ -148,6 +148,62 @@ $idents = get_identities();
>+ 
>+ /* --------------------- Specific Functions ------------------------------ */
>+ 
>++/*
>++Validate the user input 'attachments'.
>++If the input is ok, don't do anything.
>++If the attachment's file name is in an unexpected format, empty the attachments.
>++*/
>++function validateAttachments() {
>++	
>++	global $username, $attachment_dir, $attachments;
>++	
>++	// no attachments - nothing to validate
>++	if (empty($attachments)) 
>++	{
>++		return;
>++	}
>++	
>++	// get the Messages array
>++	$attach_arr = unserialize($attachments);
>++	
>++	if (empty($attach_arr) || !is_array($attach_arr))
>++	{
>++		return;
>++	}
>++	
>++	$hashed_attachment_dir = realpath(getHashedDir($username, $attachment_dir));
>++	
>++	/*
>++	For each attachment (of type Message), verify:
>++	1. That after calling realpath(), we are in the attachment directory.
>++	2. That the file name is 32 characters long (a fixed length used for attachments).
>++	3. That the file has no extension.
>++	
>++	Notes: The attachment file name is a random 32-long string.
>++	       The attachments directory contains other types of files as well, 
>++           but they either have an exention or are not 32-characters long.		   
>++	*/
>++	foreach ($attach_arr as $attach_msg_obj)
>++	{
>++		$received_file_name = $attach_msg_obj->att_local_name;	
>++		$full_path = realpath($hashed_attachment_dir . '/' . $received_file_name);
>++
>++		$path_parts = pathinfo($full_path);
>++		$file_name = $path_parts['basename'];
>++
>++		if ((substr($full_path, 0, strlen($hashed_attachment_dir)) != $hashed_attachment_dir) or
>++			(strlen($file_name) != 32) or
>++			($path_parts['extension'] != ""))
>++		{
>++			$attachments = '';
>++			return;
>++		}			
>++	}
>++
>++	return;
>++}
>++
>++
>+ function replyAllString($header) {
>+     global $include_self_reply_all, $username, $data_dir;
>+     $excl_ar = array();
>+@@ -288,6 +344,8 @@ function getforwardHeader($orig_header) 
>+ }
>+ /* ----------------------------------------------------------------------- */
>+ 
>++validateAttachments();
>++
>+ /*
>+  * If the session is expired during a post this restores the compose session
>+  * vars.
>+@@ -1853,4 +1911,3 @@ function deliverMessage(&$composeMessage
>+     }
>+     return $succes;
>+ }
>+-

Actions: View

Attachments on bug 226831: 191714 | 192200