diff options
Diffstat (limited to 'mail/fetchmail/files/patch-CVE-2012-3482')
| -rw-r--r-- | mail/fetchmail/files/patch-CVE-2012-3482 | 53 |
1 files changed, 0 insertions, 53 deletions
diff --git a/mail/fetchmail/files/patch-CVE-2012-3482 b/mail/fetchmail/files/patch-CVE-2012-3482 deleted file mode 100644 index 64e4588effe1..000000000000 --- a/mail/fetchmail/files/patch-CVE-2012-3482 +++ /dev/null @@ -1,53 +0,0 @@ -diff --git a/ntlm.h b/ntlm.h -index 1469633..ad83520 100644 ---- a/ntlm.h -+++ b/ntlm.h -@@ -32,8 +32,8 @@ uint32 msgType; - tSmbStrHeader uDomain; - uint32 flags; - uint8 challengeData[8]; --uint8 reserved[8]; --tSmbStrHeader emptyString; -+uint32 context[2]; -+tSmbStrHeader targetInfo; - uint8 buffer[1024]; - uint32 bufIndex; - }tSmbNtlmAuthChallenge; -diff --git a/ntlmsubr.c b/ntlmsubr.c -index f9d2733..63cbed8 100644 ---- a/ntlmsubr.c -+++ b/ntlmsubr.c -@@ -55,7 +55,32 @@ int ntlm_helper(int sock, struct query *ctl, const char *proto) - if ((result = gen_recv(sock, msgbuf, sizeof msgbuf))) - goto cancelfail; - -- (void)from64tobits (&challenge, msgbuf, sizeof(challenge)); -+ if ((result = from64tobits (&challenge, msgbuf, sizeof(challenge))) < 0 -+ || result < ((void *)&challenge.context - (void *)&challenge)) -+ { -+ report (stderr, GT_("could not decode BASE64 challenge\n")); -+ /* We do not goto cancelfail; the server has already sent the -+ * tagged reply, so the protocol exchange has ended, no need -+ * for us to send the asterisk. */ -+ return PS_AUTHFAIL; -+ } -+ -+ /* validate challenge: -+ * - ident -+ * - message type -+ * - that offset points into buffer -+ * - that offset + length does not wrap -+ * - that offset + length is not bigger than buffer */ -+ if (0 != memcmp("NTLMSSP", challenge.ident, 8) -+ || challenge.msgType != 2 -+ || challenge.uDomain.offset > result -+ || challenge.uDomain.offset + challenge.uDomain.len < challenge.uDomain.offset -+ || challenge.uDomain.offset + challenge.uDomain.len > result) -+ { -+ report (stderr, GT_("NTLM challenge contains invalid data.\n")); -+ result = PS_AUTHFAIL; -+ goto cancelfail; -+ } - - if (outlevel >= O_DEBUG) - dumpSmbNtlmAuthChallenge(stdout, &challenge); |