aboutsummaryrefslogtreecommitdiffstats
path: root/mail
diff options
context:
space:
mode:
authormandree <mandree@FreeBSD.org>2012-08-28 01:44:23 +0800
committermandree <mandree@FreeBSD.org>2012-08-28 01:44:23 +0800
commit1476a44ef9bc7f72587ee3f9b9438c3af6124ea0 (patch)
treeaf486af50b7e19a9a6a94a14ad8edecd73a4c293 /mail
parenta3e617d915c8763c8bd08887c1b39e82ea4137ec (diff)
downloadfreebsd-ports-gnome-1476a44ef9bc7f72587ee3f9b9438c3af6124ea0.tar.gz
freebsd-ports-gnome-1476a44ef9bc7f72587ee3f9b9438c3af6124ea0.tar.zst
freebsd-ports-gnome-1476a44ef9bc7f72587ee3f9b9438c3af6124ea0.zip
Update fetchmail to 6.3.21_1, fixing CVE-2012-3482.
Adjust VuXML database entry from < 6.3.22 to < 6.3.21_1. PR: ports/170613 Approved by: maintainer timeout (14 days) Security: http://www.vuxml.org/freebsd/83f9e943-e664-11e1-a66d-080027ef73ec.html Security: CVE-2012-3482
Diffstat (limited to 'mail')
-rw-r--r--mail/fetchmail/Makefile1
-rw-r--r--mail/fetchmail/files/patch-CVE-2012-348253
2 files changed, 54 insertions, 0 deletions
diff --git a/mail/fetchmail/Makefile b/mail/fetchmail/Makefile
index c829d74cd083..371fbc9b6b47 100644
--- a/mail/fetchmail/Makefile
+++ b/mail/fetchmail/Makefile
@@ -12,6 +12,7 @@
PORTNAME= fetchmail
PORTVERSION= 6.3.21
+PORTREVISION= 1
CATEGORIES= mail ipv6
MASTER_SITES= BERLIOS/${PORTNAME}/ \
SF/${PORTNAME}/branch_6.3/ \
diff --git a/mail/fetchmail/files/patch-CVE-2012-3482 b/mail/fetchmail/files/patch-CVE-2012-3482
new file mode 100644
index 000000000000..64e4588effe1
--- /dev/null
+++ b/mail/fetchmail/files/patch-CVE-2012-3482
@@ -0,0 +1,53 @@
+diff --git a/ntlm.h b/ntlm.h
+index 1469633..ad83520 100644
+--- a/ntlm.h
++++ b/ntlm.h
+@@ -32,8 +32,8 @@ uint32 msgType;
+ tSmbStrHeader uDomain;
+ uint32 flags;
+ uint8 challengeData[8];
+-uint8 reserved[8];
+-tSmbStrHeader emptyString;
++uint32 context[2];
++tSmbStrHeader targetInfo;
+ uint8 buffer[1024];
+ uint32 bufIndex;
+ }tSmbNtlmAuthChallenge;
+diff --git a/ntlmsubr.c b/ntlmsubr.c
+index f9d2733..63cbed8 100644
+--- a/ntlmsubr.c
++++ b/ntlmsubr.c
+@@ -55,7 +55,32 @@ int ntlm_helper(int sock, struct query *ctl, const char *proto)
+ if ((result = gen_recv(sock, msgbuf, sizeof msgbuf)))
+ goto cancelfail;
+
+- (void)from64tobits (&challenge, msgbuf, sizeof(challenge));
++ if ((result = from64tobits (&challenge, msgbuf, sizeof(challenge))) < 0
++ || result < ((void *)&challenge.context - (void *)&challenge))
++ {
++ report (stderr, GT_("could not decode BASE64 challenge\n"));
++ /* We do not goto cancelfail; the server has already sent the
++ * tagged reply, so the protocol exchange has ended, no need
++ * for us to send the asterisk. */
++ return PS_AUTHFAIL;
++ }
++
++ /* validate challenge:
++ * - ident
++ * - message type
++ * - that offset points into buffer
++ * - that offset + length does not wrap
++ * - that offset + length is not bigger than buffer */
++ if (0 != memcmp("NTLMSSP", challenge.ident, 8)
++ || challenge.msgType != 2
++ || challenge.uDomain.offset > result
++ || challenge.uDomain.offset + challenge.uDomain.len < challenge.uDomain.offset
++ || challenge.uDomain.offset + challenge.uDomain.len > result)
++ {
++ report (stderr, GT_("NTLM challenge contains invalid data.\n"));
++ result = PS_AUTHFAIL;
++ goto cancelfail;
++ }
+
+ if (outlevel >= O_DEBUG)
+ dumpSmbNtlmAuthChallenge(stdout, &challenge);