- Security patch libmiter

SECURITY: fix DOS vulnerability in libmiter Obtained from: Jose-Marcio Martins da Cruz
author: dinoex <dinoex@FreeBSD.org> 2009-10-26 16:46:44 +0800
committer: dinoex <dinoex@FreeBSD.org> 2009-10-26 16:46:44 +0800
commit: bc2ca445701b0025eb94ff6275cbbca9543ae7d8 (patch)
tree: c6eac8fddef51df3368c27112d5b21d44d367619 /mail
parent: ab7b2019a98cb64fb43c00472c3707819eeb5d5a (diff)
download: freebsd-ports-gnome-bc2ca445701b0025eb94ff6275cbbca9543ae7d8.tar.gz
freebsd-ports-gnome-bc2ca445701b0025eb94ff6275cbbca9543ae7d8.tar.zst
freebsd-ports-gnome-bc2ca445701b0025eb94ff6275cbbca9543ae7d8.zip
2 files changed, 151 insertions, 0 deletions
diff --git a/mail/sendmail/Makefile b/mail/sendmail/Makefile
index 66f51e87dd57..b3663868f6d7 100644
--- a/mail/sendmail/Makefile
+++ b/mail/sendmail/Makefile
@@ -7,6 +7,7 @@
 
 PORTNAME=	sendmail
 PORTVERSION=	8.14.3
+PORTREVISION=	1
 CATEGORIES=	mail ipv6
 MASTER_SITES=	ftp://ftp.sendmail.org/pub/sendmail/ \
 		${MASTER_SITE_RINGSERVER:S,%SUBDIR%,net/mail/sendmail/&,}
diff --git a/mail/sendmail/files/patch-worker.c b/mail/sendmail/files/patch-worker.c
new file mode 100644
index 000000000000..8852ca003f7d
--- /dev/null
+++ b/mail/sendmail/files/patch-worker.c
@@ -0,0 +1,150 @@
+--- libmilter/worker.c.orig	2007-12-03 23:06:05.000000000 +0100
++++ libmilter/worker.c	2009-06-15 09:46:29.000000000 +0200
+@@ -328,6 +328,8 @@
+ 	int dim_pfd = 0;
+ 	bool rebuild_set = true;
+ 	int pcnt = 0; /* error count for poll() failures */
++	time_t lastcheck;
++	int nfd = 0;
+ 
+ 	Tskmgr.tm_tid = sthread_get_id();
+ 	if (pthread_detach(Tskmgr.tm_tid) != 0)
+@@ -345,12 +347,12 @@
+ 	}
+ 	dim_pfd = PFD_STEP;
+ 
++	lastcheck = time(NULL);
+ 	for (;;)
+ 	{
+ 		SMFICTX_PTR ctx;
+-		int nfd, rfd, i;
++		int rfd, i;
+ 		time_t now;
+-		time_t lastcheck;
+ 
+ 		POOL_LEV_DPRINTF(4, ("Let's %s again...", WAITFN));
+ 
+@@ -364,20 +366,20 @@
+ 		/* check for timed out sessions? */
+ 		if (lastcheck + DT_CHECK_OLD_SESSIONS < now)
+ 		{
+-			SM_TAILQ_FOREACH(ctx, &WRK_CTX_HEAD, ctx_link)
++			ctx = SM_TAILQ_FIRST(&WRK_CTX_HEAD);
++			while (ctx != SM_TAILQ_END(&WRK_CTX_HEAD))
+ 			{
++				SMFICTX_PTR ctx_nxt;
++
++				ctx_nxt = SM_TAILQ_NEXT(ctx, ctx_link);
+ 				if (ctx->ctx_wstate == WKST_WAITING)
+ 				{
+ 					if (ctx->ctx_wait == 0)
+-					{
+ 						ctx->ctx_wait = now;
+-						continue;
+-					}
+-
+-					/* if session timed out, close it */
+-					if (ctx->ctx_wait + OLD_SESSION_TIMEOUT
+-					    < now)
++					else if (ctx->ctx_wait + OLD_SESSION_TIMEOUT
++						 < now)
+ 					{
++						/* if session timed out, close it */
+ 						sfsistat (*fi_close) __P((SMFICTX *));
+ 
+ 						POOL_LEV_DPRINTF(4,
+@@ -389,10 +391,9 @@
+ 							(void) (*fi_close)(ctx);
+ 
+ 						mi_close_session(ctx);
+-						ctx = SM_TAILQ_FIRST(&WRK_CTX_HEAD);
+-						continue;
+ 					}
+ 				}
++				ctx = ctx_nxt;
+ 			}
+ 			lastcheck = now;
+ 		}
+@@ -465,6 +466,7 @@
+ 					}
+ 				}
+ 			}
++			rebuild_set = false;
+ 		}
+ 
+ 		TASKMGR_UNLOCK();
+--- libsharedmilter/worker.c.orig	2007-12-03 23:06:05.000000000 +0100
++++ libsharedmilter/worker.c	2009-06-15 09:46:29.000000000 +0200
+@@ -328,6 +328,8 @@
+ 	int dim_pfd = 0;
+ 	bool rebuild_set = true;
+ 	int pcnt = 0; /* error count for poll() failures */
++	time_t lastcheck;
++	int nfd = 0;
+ 
+ 	Tskmgr.tm_tid = sthread_get_id();
+ 	if (pthread_detach(Tskmgr.tm_tid) != 0)
+@@ -345,12 +347,12 @@
+ 	}
+ 	dim_pfd = PFD_STEP;
+ 
++	lastcheck = time(NULL);
+ 	for (;;)
+ 	{
+ 		SMFICTX_PTR ctx;
+-		int nfd, rfd, i;
++		int rfd, i;
+ 		time_t now;
+-		time_t lastcheck;
+ 
+ 		POOL_LEV_DPRINTF(4, ("Let's %s again...", WAITFN));
+ 
+@@ -364,20 +366,20 @@
+ 		/* check for timed out sessions? */
+ 		if (lastcheck + DT_CHECK_OLD_SESSIONS < now)
+ 		{
+-			SM_TAILQ_FOREACH(ctx, &WRK_CTX_HEAD, ctx_link)
++			ctx = SM_TAILQ_FIRST(&WRK_CTX_HEAD);
++			while (ctx != SM_TAILQ_END(&WRK_CTX_HEAD))
+ 			{
++				SMFICTX_PTR ctx_nxt;
++
++				ctx_nxt = SM_TAILQ_NEXT(ctx, ctx_link);
+ 				if (ctx->ctx_wstate == WKST_WAITING)
+ 				{
+ 					if (ctx->ctx_wait == 0)
+-					{
+ 						ctx->ctx_wait = now;
+-						continue;
+-					}
+-
+-					/* if session timed out, close it */
+-					if (ctx->ctx_wait + OLD_SESSION_TIMEOUT
+-					    < now)
++					else if (ctx->ctx_wait + OLD_SESSION_TIMEOUT
++						 < now)
+ 					{
++						/* if session timed out, close it */
+ 						sfsistat (*fi_close) __P((SMFICTX *));
+ 
+ 						POOL_LEV_DPRINTF(4,
+@@ -389,10 +391,9 @@
+ 							(void) (*fi_close)(ctx);
+ 
+ 						mi_close_session(ctx);
+-						ctx = SM_TAILQ_FIRST(&WRK_CTX_HEAD);
+-						continue;
+ 					}
+ 				}
++				ctx = ctx_nxt;
+ 			}
+ 			lastcheck = now;
+ 		}
+@@ -465,6 +466,7 @@
+ 					}
+ 				}
+ 			}
++			rebuild_set = false;
+ 		}
+ 
+ 		TASKMGR_UNLOCK();
author	dinoex <dinoex@FreeBSD.org>	2009-10-26 16:46:44 +0800
committer	dinoex <dinoex@FreeBSD.org>	2009-10-26 16:46:44 +0800
commit	bc2ca445701b0025eb94ff6275cbbca9543ae7d8 (patch)
tree	c6eac8fddef51df3368c27112d5b21d44d367619 /mail
parent	ab7b2019a98cb64fb43c00472c3707819eeb5d5a (diff)
download	freebsd-ports-gnome-bc2ca445701b0025eb94ff6275cbbca9543ae7d8.tar.gz freebsd-ports-gnome-bc2ca445701b0025eb94ff6275cbbca9543ae7d8.tar.zst freebsd-ports-gnome-bc2ca445701b0025eb94ff6275cbbca9543ae7d8.zip