diff options
| author | Jacques Vidrine <nectar@FreeBSD.org> | 2003-12-15 22:20:08 +0000 |
|---|---|---|
| committer | Jacques Vidrine <nectar@FreeBSD.org> | 2003-12-15 22:20:08 +0000 |
| commit | e596d188def03ef175bfd21ce09dd56eb0a72f30 (patch) | |
| tree | 7d4fb5d60de01762146ade2651dd0313da336c16 /databases/cyrus-imspd | |
| parent | Update to 0.14. (diff) | |
Patch a remotely exploitable root buffer overflow, as reported by a
nruns.com security advisory published on the Full-Disclosure list.
Notes
Notes:
svn path=/head/; revision=95918
Diffstat (limited to 'databases/cyrus-imspd')
| -rw-r--r-- | databases/cyrus-imspd/Makefile | 2 | ||||
| -rw-r--r-- | databases/cyrus-imspd/files/patch-imsp::abook.c | 129 |
2 files changed, 130 insertions, 1 deletions
diff --git a/databases/cyrus-imspd/Makefile b/databases/cyrus-imspd/Makefile index 968fd1892afe..225e1b00838c 100644 --- a/databases/cyrus-imspd/Makefile +++ b/databases/cyrus-imspd/Makefile @@ -7,7 +7,7 @@ PORTNAME= cyrus-imspd PORTVERSION= 1.6a3 -PORTREVISION= 1 +PORTREVISION= 2 CATEGORIES= databases mail MASTER_SITES= ftp://ftp.andrew.cmu.edu/pub/cyrus-mail/ \ ftp://ftp.hanse.de/sites/transit/mirror/ftp.andrew.cmu.edu/pub/cyrus-mail/ diff --git a/databases/cyrus-imspd/files/patch-imsp::abook.c b/databases/cyrus-imspd/files/patch-imsp::abook.c new file mode 100644 index 000000000000..ca6cae45d264 --- /dev/null +++ b/databases/cyrus-imspd/files/patch-imsp::abook.c @@ -0,0 +1,129 @@ +--- imsp/abook.c.orig Mon Dec 15 15:52:51 2003 ++++ imsp/abook.c Mon Dec 15 15:58:41 2003 +@@ -68,8 +68,9 @@ + /* generate the database name for an address book + * returns -1 for invalid name, otherwise returns length of owner name + */ +-static int abook_dbname(dbname, name) ++static int abook_dbname(dbname, name, dbnamelen) + char *dbname, *name; ++ size_t dbnamelen; + { + char *split; + int len = strlen(name), ownerlen; +@@ -86,7 +87,9 @@ + ownerlen = split - name; + } + +- sprintf(dbname, abookdb, ownerlen, name, name); ++ if (snprintf(dbname, dbnamelen, abookdb, ownerlen, name, ++ name) >= dbnamelen) ++ return (-1); + + return (ownerlen); + } +@@ -104,7 +107,7 @@ + long mask = 0; + + /* look up the database */ +- len = abook_dbname(dbname, name); ++ len = abook_dbname(dbname, name, sizeof(dbname)); + if (len < 0) return (0); + + /* get the ACL */ +@@ -161,7 +164,7 @@ + while (dot >= cname && *dot != '.') --dot; + if (dot >= cname) *dot = '\0'; + sdb_get(abooks, cname, SDB_ICASE, pacl); +- abook_dbname(dbname, cname); ++ abook_dbname(dbname, cname, sizeof(dbname)); + exists = sdb_check(dbname); + if (exists == 0) mask = abook_rights(id, cname, *pacl); + if (dot >= cname) --dot; +@@ -212,7 +215,7 @@ + state->kv = NULL; + *count = 0; + *freedata = 0; +- if (abook_dbname(dbname, name) < 0) return (NULL); ++ if (abook_dbname(dbname, name, sizeof(dbname)) < 0) return (NULL); + + #ifdef HAVE_LDAP + if (abook_usesldap(id, name)) { +@@ -348,7 +351,7 @@ + } + #endif + +- if (abook_dbname(dbname, name) < 0) return (AB_FAIL); ++ if (abook_dbname(dbname, name, sizeof(dbname)) < 0) return (AB_FAIL); + + /* start match */ + if (!fcount) { +@@ -481,7 +484,8 @@ + int ownerlen, result = 0; + + /* find abook, and make sure it doesn't exist */ +- if ((ownerlen = abook_dbname(dbname, name)) < 0) return (AB_FAIL); ++ if ((ownerlen = abook_dbname(dbname, name, sizeof(dbname))) < 0) ++ return (AB_FAIL); + if (sdb_check(dbname) == 0) return (AB_EXIST); + + #if 0 +@@ -562,7 +566,7 @@ + char *sep, *value; + + /* find abook, and make sure it exists */ +- if ((ownerlen = abook_dbname(dbname, name)) < 0) { ++ if ((ownerlen = abook_dbname(dbname, name, sizeof(dbname))) < 0) { + return (AB_FAIL); + } + if (ownerlen == strlen(name) && auth_level(id) != AUTH_ADMIN) { +@@ -630,8 +634,8 @@ + + /* make sure names are valid */ + if (!strcasecmp(name, newname) || +- (osrclen = abook_dbname(dbsrc, name)) < 0 || +- (odstlen = abook_dbname(dbdst, newname)) < 0) { ++ (osrclen = abook_dbname(dbsrc, name, sizeof(dbsrc))) < 0 || ++ (odstlen = abook_dbname(dbdst, newname, sizeof(dbdst))) < 0) { + return (AB_FAIL); + } + if (sdb_check(dbsrc) < 0) return (AB_NOEXIST); +@@ -734,7 +738,8 @@ + int i, result, ownerlen, maxfieldlen, len; + long delta; + +- if ((ownerlen = abook_dbname(dbname, name)) < 0) return (AB_FAIL); ++ if ((ownerlen = abook_dbname(dbname, name, sizeof(dbname))) < 0) ++ return (AB_FAIL); + sprintf(uname, "%.*s", ownerlen, name); + + /* check for invalid characters in alias or field */ +@@ -844,7 +849,8 @@ + return (AB_PERM); + } + +- if ((ownerlen = abook_dbname(dbname, name)) < 0) return (AB_FAIL); ++ if ((ownerlen = abook_dbname(dbname, name, sizeof(dbname))) < 0) ++ return (AB_FAIL); + + /* check for invalid characters in alias */ + for (scan = alias; *scan && *scan != '*' && *scan != '%'; ++scan); +@@ -910,7 +916,8 @@ + } + + /* make sure db exists */ +- if ((ownerlen = abook_dbname(dbname, name)) < 0) return (AB_FAIL); ++ if ((ownerlen = abook_dbname(dbname, name, sizeof(dbname))) < 0) ++ return (AB_FAIL); + if (sdb_check(dbname) < 0) return (AB_NOEXIST); + + /* lock acl db */ +@@ -977,7 +984,7 @@ + char *acl; + + /* look up the database */ +- if (abook_dbname(dbname, name) < 0) return (NULL); ++ if (abook_dbname(dbname, name, sizeof(dbname)) < 0) return (NULL); + + /* make sure db exists */ + if (sdb_check(dbname) < 0) return (NULL); |