diff options
author | mandree <mandree@FreeBSD.org> | 2012-08-28 01:44:23 +0800 |
---|---|---|
committer | mandree <mandree@FreeBSD.org> | 2012-08-28 01:44:23 +0800 |
commit | 1476a44ef9bc7f72587ee3f9b9438c3af6124ea0 (patch) | |
tree | af486af50b7e19a9a6a94a14ad8edecd73a4c293 /mail | |
parent | a3e617d915c8763c8bd08887c1b39e82ea4137ec (diff) | |
download | freebsd-ports-gnome-1476a44ef9bc7f72587ee3f9b9438c3af6124ea0.tar.gz freebsd-ports-gnome-1476a44ef9bc7f72587ee3f9b9438c3af6124ea0.tar.zst freebsd-ports-gnome-1476a44ef9bc7f72587ee3f9b9438c3af6124ea0.zip |
Update fetchmail to 6.3.21_1, fixing CVE-2012-3482.
Adjust VuXML database entry from < 6.3.22 to < 6.3.21_1.
PR: ports/170613
Approved by: maintainer timeout (14 days)
Security: http://www.vuxml.org/freebsd/83f9e943-e664-11e1-a66d-080027ef73ec.html
Security: CVE-2012-3482
Diffstat (limited to 'mail')
-rw-r--r-- | mail/fetchmail/Makefile | 1 | ||||
-rw-r--r-- | mail/fetchmail/files/patch-CVE-2012-3482 | 53 |
2 files changed, 54 insertions, 0 deletions
diff --git a/mail/fetchmail/Makefile b/mail/fetchmail/Makefile index c829d74cd083..371fbc9b6b47 100644 --- a/mail/fetchmail/Makefile +++ b/mail/fetchmail/Makefile @@ -12,6 +12,7 @@ PORTNAME= fetchmail PORTVERSION= 6.3.21 +PORTREVISION= 1 CATEGORIES= mail ipv6 MASTER_SITES= BERLIOS/${PORTNAME}/ \ SF/${PORTNAME}/branch_6.3/ \ diff --git a/mail/fetchmail/files/patch-CVE-2012-3482 b/mail/fetchmail/files/patch-CVE-2012-3482 new file mode 100644 index 000000000000..64e4588effe1 --- /dev/null +++ b/mail/fetchmail/files/patch-CVE-2012-3482 @@ -0,0 +1,53 @@ +diff --git a/ntlm.h b/ntlm.h +index 1469633..ad83520 100644 +--- a/ntlm.h ++++ b/ntlm.h +@@ -32,8 +32,8 @@ uint32 msgType; + tSmbStrHeader uDomain; + uint32 flags; + uint8 challengeData[8]; +-uint8 reserved[8]; +-tSmbStrHeader emptyString; ++uint32 context[2]; ++tSmbStrHeader targetInfo; + uint8 buffer[1024]; + uint32 bufIndex; + }tSmbNtlmAuthChallenge; +diff --git a/ntlmsubr.c b/ntlmsubr.c +index f9d2733..63cbed8 100644 +--- a/ntlmsubr.c ++++ b/ntlmsubr.c +@@ -55,7 +55,32 @@ int ntlm_helper(int sock, struct query *ctl, const char *proto) + if ((result = gen_recv(sock, msgbuf, sizeof msgbuf))) + goto cancelfail; + +- (void)from64tobits (&challenge, msgbuf, sizeof(challenge)); ++ if ((result = from64tobits (&challenge, msgbuf, sizeof(challenge))) < 0 ++ || result < ((void *)&challenge.context - (void *)&challenge)) ++ { ++ report (stderr, GT_("could not decode BASE64 challenge\n")); ++ /* We do not goto cancelfail; the server has already sent the ++ * tagged reply, so the protocol exchange has ended, no need ++ * for us to send the asterisk. */ ++ return PS_AUTHFAIL; ++ } ++ ++ /* validate challenge: ++ * - ident ++ * - message type ++ * - that offset points into buffer ++ * - that offset + length does not wrap ++ * - that offset + length is not bigger than buffer */ ++ if (0 != memcmp("NTLMSSP", challenge.ident, 8) ++ || challenge.msgType != 2 ++ || challenge.uDomain.offset > result ++ || challenge.uDomain.offset + challenge.uDomain.len < challenge.uDomain.offset ++ || challenge.uDomain.offset + challenge.uDomain.len > result) ++ { ++ report (stderr, GT_("NTLM challenge contains invalid data.\n")); ++ result = PS_AUTHFAIL; ++ goto cancelfail; ++ } + + if (outlevel >= O_DEBUG) + dumpSmbNtlmAuthChallenge(stdout, &challenge); |