| Field | Value |
|---|---|
| Summary: | mail/dovecot: FOLLOW UP: Fix memory leak in auth_client_request_abort() |
| Product: | Ports & Packages |
| Reporter: | VK <vlad-fbsd> |
| Component: | Individual Port(s) |
| Assignee: | Adam Weinberger <adamw> |
| Status: | Closed FIXED |
| Severity: | Affects Some People |
| CC: | ports-secteam, zeising |
| Priority: | --- |
| Keywords: | patch, regression, security |
| Version: | Latest |
| Flags: | bugzilla: maintainer-feedback? (adamw); vlad-fbsd: merge-quarterly? |
| Hardware: | Any |
| OS: | Any |
| URL: | https://github.com/dovecot/core/commit/a9b135760aea6d1790d447d351c56b78889dac22 |
| See Also: | https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=225446 |
| Attachments: | |
Description

VK, 2018-01-31 13:38:38 UTC

Note: I badly worded the report, Debian team found the problem in the patch itself, not in FreeBSD's implementation... I can look at this in a few hours, if no one beats me. I did the previous commit to dovecot for this vuln.

Created attachment 190239 [details]
Fix memory leak and remove request after abort

Here. Build tested with Poudriere 11.1 amd64.
Have NOT yet tested functionally.

Applied the patch to our Dovecot instances. So far so good. Tested with openssl s_client, aborted auth attempts, don't see any problems yet. Niclas, please feel free to apply this if needed.

A commit references this bug:

Author: zeising
Date: Thu Feb 1 13:23:41 UTC 2018
New revision: 460590
URL: https://svnweb.freebsd.org/changeset/ports/460590

Log:
Complete fix for CVE-2017-15132

Complete fix for CVE-2017-15132, the previous fix was not enough, and caused the request to remain after an abort, causing a use-after-free later on.

PR: 225585
Submitted by: Vladimir Krstulja
Approved by: adamw (maintainer)
MFH: 2018Q1

Changes:
- head/mail/dovecot/Makefile
- head/mail/dovecot/files/patch-src_lib-auth_auth-client-request.c
- head/mail/dovecot/files/patch-src_lib-auth_auth-server-connection.c
- head/mail/dovecot/files/patch-src_lib-auth_auth-server-connection.h

A commit references this bug:

Author: zeising
Date: Thu Feb 1 13:28:10 UTC 2018
New revision: 460596
URL: https://svnweb.freebsd.org/changeset/ports/460596

Log:
MFH: r460590

Complete fix for CVE-2017-15132

Complete fix for CVE-2017-15132, the previous fix was not enough, and caused the request to remain after an abort, causing a use-after-free later on.

PR: 225585
Submitted by: Vladimir Krstulja
Approved by: adamw (maintainer)
Approved by: ports-secteam (implicit, security fix)

Changes:
- _U branches/2018Q1/
- branches/2018Q1/mail/dovecot/Makefile
- branches/2018Q1/mail/dovecot/files/patch-src_lib-auth_auth-client-request.c
- branches/2018Q1/mail/dovecot/files/patch-src_lib-auth_auth-server-connection.c
- branches/2018Q1/mail/dovecot/files/patch-src_lib-auth_auth-server-connection.h

Committed, thanks for your submission!