From 3a45d04f929bb95d7c35e0853bbfaa469d4e872d Mon Sep 17 00:00:00 2001
From: Matthias Andree
Date: Thu, 30 Aug 2012 06:24:48 +0000
Subject: Update to upstream release fetchmail 6.3.22. Fixes CVE-2011-3389 (reenabling a countermeasure against chosen-plaintext attacks against block cipher initialization) Fixes CVE-2012-3482 (vulnerabilities in NTLM authentication; already fixed in FreeBSD's port 6.3.21_1) Assorted other fixes and workarounds. Adds a Swedish translation. Release Notes: http://developer.berlios.de/project/shownotes.php?release_id=19117 PR: 171177 Approved by: Corey Halpin (maintainer) Security: CVE-2012-3482 Security: http://www.vuxml.org/freebsd/83f9e943-e664-11e1-a66d-080027ef73ec.html Security: CVE-2011-3389 Security: http://www.vuxml.org/freebsd/18ce9a90-f269-11e1-be53-080027ef73ec.html
---
mail/fetchmail/files/patch-CVE-2012-3482 | 53 --------------------------------
1 file changed, 53 deletions(-)
delete mode 100644 mail/fetchmail/files/patch-CVE-2012-3482
(limited to 'mail/fetchmail/files')
diff --git a/mail/fetchmail/files/patch-CVE-2012-3482 b/mail/fetchmail/files/patch-CVE-2012-3482
deleted file mode 100644
index 64e4588effe1..000000000000
--- a/mail/fetchmail/files/patch-CVE-2012-3482
+++ /dev/null
@@ -1,53 +0,0 @@
-diff --git a/ntlm.h b/ntlm.h
-index 1469633..ad83520 100644
---- a/ntlm.h
-+++ b/ntlm.h
-@@ -32,8 +32,8 @@ uint32 msgType;
- tSmbStrHeader uDomain;
- uint32 flags;
- uint8 challengeData[8];
--uint8 reserved[8];
--tSmbStrHeader emptyString;
-+uint32 context[2];
-+tSmbStrHeader targetInfo;
- uint8 buffer[1024];
- uint32 bufIndex;
- }tSmbNtlmAuthChallenge;
-diff --git a/ntlmsubr.c b/ntlmsubr.c
-index f9d2733..63cbed8 100644
---- a/ntlmsubr.c
-+++ b/ntlmsubr.c
-@@ -55,7 +55,32 @@ int ntlm_helper(int sock, struct query *ctl, const char *proto)
- if ((result = gen_recv(sock, msgbuf, sizeof msgbuf)))
- goto cancelfail;
-
-- (void)from64tobits (&challenge, msgbuf, sizeof(challenge));
-+ if ((result = from64tobits (&challenge, msgbuf, sizeof(challenge))) < 0
-+ || result < ((void *)&challenge.context - (void *)&challenge))
-+ {
-+ report (stderr, GT_("could not decode BASE64 challenge\n"));
-+ /* We do not goto cancelfail; the server has already sent the
-+ * tagged reply, so the protocol exchange has ended, no need
-+ * for us to send the asterisk. */
-+ return PS_AUTHFAIL;
-+ }
-+
-+ /* validate challenge:
-+ * - ident
-+ * - message type
-+ * - that offset points into buffer
-+ * - that offset + length does not wrap
-+ * - that offset + length is not bigger than buffer */
-+ if (0 != memcmp("NTLMSSP", challenge.ident, 8)
-+ || challenge.msgType != 2
-+ || challenge.uDomain.offset > result
-+ || challenge.uDomain.offset + challenge.uDomain.len < challenge.uDomain.offset
-+ || challenge.uDomain.offset + challenge.uDomain.len > result)
-+ {
-+ report (stderr, GT_("NTLM challenge contains invalid data.\n"));
-+ result = PS_AUTHFAIL;
-+ goto cancelfail;
-+ }
-
- if (outlevel >= O_DEBUG)
- dumpSmbNtlmAuthChallenge(stdout, &challenge);
--
cgit v1.2.3