diff -ruN --exclude=CVS /usr/ports//mail/fetchmail/Makefile ./Makefile --- /usr/ports//mail/fetchmail/Makefile 2012-02-25 00:56:18.000000000 +0100 +++ ./Makefile 2012-08-13 22:46:33.000000000 +0200 @@ -12,6 +12,7 @@ PORTNAME= fetchmail PORTVERSION= 6.3.21 +PORTREVISION= 1 CATEGORIES= mail ipv6 MASTER_SITES= BERLIOS/${PORTNAME}/ \ SF/${PORTNAME}/branch_6.3/ \ diff -ruN --exclude=CVS /usr/ports//mail/fetchmail/files/patch-3fbc7c ./files/patch-3fbc7c --- /usr/ports//mail/fetchmail/files/patch-3fbc7c 1970-01-01 01:00:00.000000000 +0100 +++ ./files/patch-3fbc7c 2012-08-13 22:46:13.000000000 +0200 @@ -0,0 +1,38 @@ +commit 3fbc7cd331602c76f882d1b507cd05c1d824ba8b +Author: Matthias Andree +Date: Mon Aug 13 20:48:12 2012 +0200 + + Fix crash: Handle invalid base64 in NTLM challenge. + + Some servers, for instance the MS Exchange servers deployed by the + US-American National Aeronautics and Space Administration (NASA), + aborted the NTLM protocol exchange after receiving the initial request. + + Fetchmail did not detect that there was an error message, rather than + NTLM protocol exchange, and caught a segmentation fault while reading + from a bad location. + + Detect base64 decoding errors, and return PS_AUTHFAIL in this case. + + Reported by J[ames] Porter Clark. + +diff --git a/ntlmsubr.c b/ntlmsubr.c +index f9d2733..9321d26 100644 +--- a/ntlmsubr.c ++++ b/ntlmsubr.c +@@ -55,7 +55,14 @@ int ntlm_helper(int sock, struct query *ctl, const char *proto) + if ((result = gen_recv(sock, msgbuf, sizeof msgbuf))) + goto cancelfail; + +- (void)from64tobits (&challenge, msgbuf, sizeof(challenge)); ++ if ((result = from64tobits (&challenge, msgbuf, sizeof(challenge))) < 0) ++ { ++ report (stderr, GT_("could not decode BASE64 challenge\n")); ++ /* We do not goto cancelfail; the server has already sent the ++ * tagged reply, so the protocol exchange has ended, no need ++ * for us to send the asterisk. */ ++ return PS_AUTHFAIL; ++ } + + if (outlevel >= O_DEBUG) + dumpSmbNtlmAuthChallenge(stdout, &challenge);