Bug 225585 - mail/dovecot: FOLLOW UP: Fix memory leak in auth_client_request_abort()
Summary: mail/dovecot: FOLLOW UP: Fix memory leak in auth_client_request_abort()
Status: Closed FIXED
Alias: None
Product: Ports & Packages
Classification: Unclassified
Component: Individual Port(s) (show other bugs)
Version: Latest
Hardware: Any Any
: --- Affects Some People
Assignee: Adam Weinberger
URL: https://github.com/dovecot/core/commi...
Keywords: patch, regression, security
Depends on:
Blocks:
 
Reported: 2018-01-31 13:38 UTC by VK
Modified: 2018-02-01 13:30 UTC (History)
2 users (show)

See Also:
bugzilla: maintainer-feedback? (adamw)
vlad-fbsd: merge-quarterly?


Attachments
Fix memory leak and remove request after abort (3.24 KB, patch)
2018-02-01 02:17 UTC, VK
no flags Details | Diff

Note You need to log in before you can comment on or make changes to this bug.
Description VK freebsd_triage 2018-01-31 13:38:38 UTC
Heads up, apparently Debian team found a regression/problem with the fix applied through our bug #225446, and elaborated the fix with the following commit:

* https://github.com/dovecot/core/commit/a9b135760aea6d1790d447d351c56b78889dac22

Noted here:

* http://seclists.org/oss-sec/2018/q1/119

I haven't seen any issues. My build server has had a hardware meltdown yesterday, and I have to bring poudriere up on the new server today, so I'll port this and test in our Dovecot infra.
Comment 1 VK freebsd_triage 2018-01-31 13:43:06 UTC
Note: I badly worded the report, Debian team found the problem in the patch itself, not in FreeBSD's implementation...
Comment 2 Niclas Zeising freebsd_committer 2018-01-31 14:36:55 UTC
I can look at this in a few hours, if noone beats me.  I did the previous commit to dovecot for this vuln.
Comment 3 VK freebsd_triage 2018-02-01 02:17:55 UTC
Created attachment 190239 [details]
Fix memory leak and remove request after abort

Here. Build tested with Poudriere 11.1 amd64.

Have NOT yet tested functionally.
Comment 4 VK freebsd_triage 2018-02-01 02:42:01 UTC
Applied the patch to our Dovecot instances. So far so good. Tested with openssl s_client, aborted auth attempts, don't see any problems yet.
Comment 5 Adam Weinberger freebsd_committer 2018-02-01 05:10:55 UTC
Niclas, please feel free to apply this if needed.
Comment 6 commit-hook freebsd_committer 2018-02-01 13:23:59 UTC
A commit references this bug:

Author: zeising
Date: Thu Feb  1 13:23:41 UTC 2018
New revision: 460590
URL: https://svnweb.freebsd.org/changeset/ports/460590

Log:
  Complete fix for CVE-2017-15132

  Complete fix for CVE-2017-15132, the previous fix was not enough, and caused
  the request to remain after an abort, causing a use-after-free later on.

  PR:		225585
  Submitted by:	Vladimir Krstulja
  Approved by:	adamw (maintainer)
  MFH:		2018Q1

Changes:
  head/mail/dovecot/Makefile
  head/mail/dovecot/files/patch-src_lib-auth_auth-client-request.c
  head/mail/dovecot/files/patch-src_lib-auth_auth-server-connection.c
  head/mail/dovecot/files/patch-src_lib-auth_auth-server-connection.h
Comment 7 commit-hook freebsd_committer 2018-02-01 13:29:05 UTC
A commit references this bug:

Author: zeising
Date: Thu Feb  1 13:28:10 UTC 2018
New revision: 460596
URL: https://svnweb.freebsd.org/changeset/ports/460596

Log:
  MFH: r460590

  Complete fix for CVE-2017-15132

  Complete fix for CVE-2017-15132, the previous fix was not enough, and caused
  the request to remain after an abort, causing a use-after-free later on.

  PR:		225585
  Submitted by:	Vladimir Krstulja
  Approved by:	adamw (maintainer)

  Approved by:	ports-secteam (implicit, security fix)

Changes:
_U  branches/2018Q1/
  branches/2018Q1/mail/dovecot/Makefile
  branches/2018Q1/mail/dovecot/files/patch-src_lib-auth_auth-client-request.c
  branches/2018Q1/mail/dovecot/files/patch-src_lib-auth_auth-server-connection.c
  branches/2018Q1/mail/dovecot/files/patch-src_lib-auth_auth-server-connection.h
Comment 8 Niclas Zeising freebsd_committer 2018-02-01 13:30:21 UTC
Committed, thanks for your submission!