diff options
author | nectar <nectar@FreeBSD.org> | 2004-02-19 05:47:18 +0800 |
---|---|---|
committer | nectar <nectar@FreeBSD.org> | 2004-02-19 05:47:18 +0800 |
commit | c594cdee70e2cb7401dc727e5b2a2011a39b749e (patch) | |
tree | 21512b258a5ff6b6cd44599105a79343ccb70b93 /mail | |
parent | b6a65e144d707af1e463c15f7edc1cde480a52c8 (diff) | |
download | freebsd-ports-gnome-c594cdee70e2cb7401dc727e5b2a2011a39b749e.tar.gz freebsd-ports-gnome-c594cdee70e2cb7401dc727e5b2a2011a39b749e.tar.zst freebsd-ports-gnome-c594cdee70e2cb7401dc727e5b2a2011a39b749e.zip |
Correct two format string vulnerabilities and two buffer overflows in
metamail (CVE names CAN-2004-0104 and CAN-2004-0104).
Submitted by: Ulf Härnhammar <Ulf.Harnhammar.9485@student.uu.se>
Diffstat (limited to 'mail')
-rw-r--r-- | mail/metamail/Makefile | 1 | ||||
-rw-r--r-- | mail/metamail/files/patch-ae | 22 | ||||
-rw-r--r-- | mail/metamail/files/patch-af | 60 |
3 files changed, 79 insertions, 4 deletions
diff --git a/mail/metamail/Makefile b/mail/metamail/Makefile index 00cfa31add11..fe4f9458966d 100644 --- a/mail/metamail/Makefile +++ b/mail/metamail/Makefile @@ -7,6 +7,7 @@ PORTNAME= metamail PORTVERSION= 2.7 +PORTREVISION= 1 CATEGORIES= mail MASTER_SITES= ftp://thumper.bellcore.com/pub/nsb/ DISTNAME= mm${PORTVERSION} diff --git a/mail/metamail/files/patch-ae b/mail/metamail/files/patch-ae index 263382803431..3cfe25c60518 100644 --- a/mail/metamail/files/patch-ae +++ b/mail/metamail/files/patch-ae @@ -1,5 +1,5 @@ -*** metamail/splitmail.c.orig Sun Jun 18 13:13:56 1995 ---- metamail/splitmail.c Sun Jun 18 13:14:48 1995 +*** metamail/splitmail.c.orig Mon Jan 31 16:23:14 1994 +--- metamail/splitmail.c Wed Feb 18 15:39:09 2004 *************** *** 41,48 **** #define VERBOSEDELIVERYCMD VerboseDeliveryCmd @@ -19,3 +19,21 @@ #endif usageexit() { +*************** +*** 361,367 **** + } + if (!ULstrcmp(s, "subject")) { + *colon = ':'; +! strcpy(SubjectBuf, ++colon); + return(0); + } + if (!ULstrcmp(s, "content-type")) { +--- 361,368 ---- + } + if (!ULstrcmp(s, "subject")) { + *colon = ':'; +! strncpy(SubjectBuf, ++colon, sizeof(SubjectBuf)); +! SubjectBuf[sizeof(SubjectBuf) - 1] = '\0'; + return(0); + } + if (!ULstrcmp(s, "content-type")) { diff --git a/mail/metamail/files/patch-af b/mail/metamail/files/patch-af index 2cb4033d6e55..3a67175fd480 100644 --- a/mail/metamail/files/patch-af +++ b/mail/metamail/files/patch-af @@ -74,8 +74,8 @@ while (s && *s && isspace((unsigned char) *s)) ++s; if (s && (*s == 'y' || *s == 'Y')) break; continue; -*** metamail.c.bak Thu Feb 17 04:57:19 1994 ---- metamail/metamail.c Mon Nov 20 01:21:37 1995 +*** metamail/metamail.c.orig Wed Feb 16 19:57:19 1994 +--- metamail/metamail.c Wed Feb 18 15:39:09 2004 *************** *** 83,89 **** #define MAX_FILE_NAME_SIZE 256 @@ -111,6 +111,27 @@ overwriteans = 0; } else { *************** +*** 1202,1210 **** + fprintf(outfp, "Content-type: %s", ContentType); + for (j=0; j<CParamsUsed; ++j) { + fprintf(outfp, " ; "); +! fprintf(outfp, CParams[j]); + fprintf(outfp, " = "); +! fprintf(outfp, CParamValues[j]); + } + fprintf(outfp, "\n\n"); + TranslateInputToOutput(InputFP, outfp, EncodingCode, ContentType); +--- 1202,1210 ---- + fprintf(outfp, "Content-type: %s", ContentType); + for (j=0; j<CParamsUsed; ++j) { + fprintf(outfp, " ; "); +! fprintf(outfp, "%s", CParams[j]); + fprintf(outfp, " = "); +! fprintf(outfp, "%s", CParamValues[j]); + } + fprintf(outfp, "\n\n"); + TranslateInputToOutput(InputFP, outfp, EncodingCode, ContentType); +*************** *** 1823,1829 **** } else { printf("This message contains '%s'-format data.\nDo you want to view it using the '%s' command (y/n) [y] ? ", ctype, ShortCommand(progname)); @@ -127,3 +148,38 @@ if (!s) return(0); /* EOF */ while (s && *s && isspace((unsigned char) *s)) ++s; if (*s == 'y' || *s == 'Y' || !*s || *s == '\n') return(1); +*************** +*** 2022,2028 **** + if (lc2strcmp(charset, PrevCharset)) { + char *s2, *charsetinuse; + +! strcpy(PrevCharset, charset); + for (s2=PrevCharset; *s2; ++s2) { + if (isupper((unsigned char) *s2)) *s2 = tolower((unsigned char) *s2); + } +--- 2022,2029 ---- + if (lc2strcmp(charset, PrevCharset)) { + char *s2, *charsetinuse; + +! strncpy(PrevCharset, charset, sizeof(PrevCharset)); +! PrevCharset[sizeof(PrevCharset) - 1] = '\0'; + for (s2=PrevCharset; *s2; ++s2) { + if (isupper((unsigned char) *s2)) *s2 = tolower((unsigned char) *s2); + } +*************** +*** 2032,2038 **** + } + } + if (ecode == ENCODING_NONE) { +! printf(txt+1); + } else { + /* What follows is REALLY bogus, but all my encoding stuff is pipe-oriented right now... */ + MkTmpFileName(TmpFile); +--- 2033,2039 ---- + } + } + if (ecode == ENCODING_NONE) { +! printf("%s", txt+1); + } else { + /* What follows is REALLY bogus, but all my encoding stuff is pipe-oriented right now... */ + MkTmpFileName(TmpFile); |