diff options
| author | Matthias Andree <mandree@FreeBSD.org> | 2012-08-30 06:24:48 +0000 |
|---|---|---|
| committer | Matthias Andree <mandree@FreeBSD.org> | 2012-08-30 06:24:48 +0000 |
| commit | 3a45d04f929bb95d7c35e0853bbfaa469d4e872d (patch) | |
| tree | 518a56b8c4cf6a4cf252d3477b1f1a40dcf02b77 /mail/fetchmail/files | |
| parent | Add a vuln' entry for fetchmail's CVE-2011-3389 vulnerability. (diff) | |
Update to upstream release fetchmail 6.3.22.
Fixes CVE-2011-3389 (reenabling a countermeasure against
chosen-plaintext attacks against block cipher initialization)
Fixes CVE-2012-3482 (vulnerabilities in NTLM authentication; already
fixed in FreeBSD's port 6.3.21_1)
Assorted other fixes and workarounds.
Adds a Swedish translation.
Release Notes: http://developer.berlios.de/project/shownotes.php?release_id=19117
PR: 171177
Approved by: Corey Halpin (maintainer)
Security: CVE-2012-3482
Security: http://www.vuxml.org/freebsd/83f9e943-e664-11e1-a66d-080027ef73ec.html
Security: CVE-2011-3389
Security: http://www.vuxml.org/freebsd/18ce9a90-f269-11e1-be53-080027ef73ec.html
Notes
Notes:
svn path=/head/; revision=303362
Diffstat (limited to 'mail/fetchmail/files')
| -rw-r--r-- | mail/fetchmail/files/patch-CVE-2012-3482 | 53 |
1 files changed, 0 insertions, 53 deletions
diff --git a/mail/fetchmail/files/patch-CVE-2012-3482 b/mail/fetchmail/files/patch-CVE-2012-3482 deleted file mode 100644 index 64e4588effe1..000000000000 --- a/mail/fetchmail/files/patch-CVE-2012-3482 +++ /dev/null @@ -1,53 +0,0 @@ -diff --git a/ntlm.h b/ntlm.h -index 1469633..ad83520 100644 ---- a/ntlm.h -+++ b/ntlm.h -@@ -32,8 +32,8 @@ uint32 msgType; - tSmbStrHeader uDomain; - uint32 flags; - uint8 challengeData[8]; --uint8 reserved[8]; --tSmbStrHeader emptyString; -+uint32 context[2]; -+tSmbStrHeader targetInfo; - uint8 buffer[1024]; - uint32 bufIndex; - }tSmbNtlmAuthChallenge; -diff --git a/ntlmsubr.c b/ntlmsubr.c -index f9d2733..63cbed8 100644 ---- a/ntlmsubr.c -+++ b/ntlmsubr.c -@@ -55,7 +55,32 @@ int ntlm_helper(int sock, struct query *ctl, const char *proto) - if ((result = gen_recv(sock, msgbuf, sizeof msgbuf))) - goto cancelfail; - -- (void)from64tobits (&challenge, msgbuf, sizeof(challenge)); -+ if ((result = from64tobits (&challenge, msgbuf, sizeof(challenge))) < 0 -+ || result < ((void *)&challenge.context - (void *)&challenge)) -+ { -+ report (stderr, GT_("could not decode BASE64 challenge\n")); -+ /* We do not goto cancelfail; the server has already sent the -+ * tagged reply, so the protocol exchange has ended, no need -+ * for us to send the asterisk. */ -+ return PS_AUTHFAIL; -+ } -+ -+ /* validate challenge: -+ * - ident -+ * - message type -+ * - that offset points into buffer -+ * - that offset + length does not wrap -+ * - that offset + length is not bigger than buffer */ -+ if (0 != memcmp("NTLMSSP", challenge.ident, 8) -+ || challenge.msgType != 2 -+ || challenge.uDomain.offset > result -+ || challenge.uDomain.offset + challenge.uDomain.len < challenge.uDomain.offset -+ || challenge.uDomain.offset + challenge.uDomain.len > result) -+ { -+ report (stderr, GT_("NTLM challenge contains invalid data.\n")); -+ result = PS_AUTHFAIL; -+ goto cancelfail; -+ } - - if (outlevel >= O_DEBUG) - dumpSmbNtlmAuthChallenge(stdout, &challenge); |