Correct two format string vulnerabilities and two buffer overflows in

metamail (CVE names CAN-2004-0104 and CAN-2004-0104). Submitted by: Ulf Härnhammar <Ulf.Harnhammar.9485@student.uu.se>
author: Jacques Vidrine <nectar@FreeBSD.org> 2004-02-18 21:47:18 +0000
committer: Jacques Vidrine <nectar@FreeBSD.org> 2004-02-18 21:47:18 +0000
commit: ee71d98820a60281387a6d911e428c84a10b7e1f (patch)
tree: 480e45fc8b01f1b65c1904e0d0db6ddc6b46fd82 /mail/metamail
parent: 97a850e4deb0889780a64ff76f3098bcb087b49d (diff)
download: ports-ee71d98820a60281387a6d911e428c84a10b7e1f.tar.gz
ports-ee71d98820a60281387a6d911e428c84a10b7e1f.zip
3 files changed, 79 insertions, 4 deletions
diff --git a/mail/metamail/Makefile b/mail/metamail/Makefile
index 00cfa31add11..fe4f9458966d 100644
--- a/mail/metamail/Makefile
+++ b/mail/metamail/Makefile
@@ -7,6 +7,7 @@
 
 PORTNAME=	metamail
 PORTVERSION=	2.7
+PORTREVISION=	1
 CATEGORIES=	mail
 MASTER_SITES=	ftp://thumper.bellcore.com/pub/nsb/
 DISTNAME=	mm${PORTVERSION}
diff --git a/mail/metamail/files/patch-ae b/mail/metamail/files/patch-ae
index 263382803431..3cfe25c60518 100644
--- a/mail/metamail/files/patch-ae
+++ b/mail/metamail/files/patch-ae
@@ -1,5 +1,5 @@
-*** metamail/splitmail.c.orig	Sun Jun 18 13:13:56 1995
---- metamail/splitmail.c	Sun Jun 18 13:14:48 1995
+*** metamail/splitmail.c.orig	Mon Jan 31 16:23:14 1994
+--- metamail/splitmail.c	Wed Feb 18 15:39:09 2004
 ***************
 *** 41,48 ****
   #define VERBOSEDELIVERYCMD VerboseDeliveryCmd
@@ -19,3 +19,21 @@
   #endif
   
   usageexit() {
+***************
+*** 361,367 ****
+      }
+      if (!ULstrcmp(s, "subject")) {
+          *colon = ':';
+!         strcpy(SubjectBuf, ++colon);
+          return(0);
+      }
+      if (!ULstrcmp(s, "content-type")) {
+--- 361,368 ----
+      }
+      if (!ULstrcmp(s, "subject")) {
+          *colon = ':';
+!         strncpy(SubjectBuf, ++colon, sizeof(SubjectBuf));
+!         SubjectBuf[sizeof(SubjectBuf) - 1] = '\0';
+          return(0);
+      }
+      if (!ULstrcmp(s, "content-type")) {
diff --git a/mail/metamail/files/patch-af b/mail/metamail/files/patch-af
index 2cb4033d6e55..3a67175fd480 100644
--- a/mail/metamail/files/patch-af
+++ b/mail/metamail/files/patch-af
@@ -74,8 +74,8 @@
                       while (s && *s && isspace((unsigned char) *s)) ++s;
                       if (s && (*s == 'y' || *s == 'Y')) break;
                       continue;
-*** metamail.c.bak	Thu Feb 17 04:57:19 1994
---- metamail/metamail.c	Mon Nov 20 01:21:37 1995
+*** metamail/metamail.c.orig	Wed Feb 16 19:57:19 1994
+--- metamail/metamail.c	Wed Feb 18 15:39:09 2004
 ***************
 *** 83,89 ****
   #define MAX_FILE_NAME_SIZE 256
@@ -111,6 +111,27 @@
                                           overwriteans = 0;
                                       } else {
 ***************
+*** 1202,1210 ****
+      fprintf(outfp, "Content-type: %s", ContentType);
+      for (j=0; j<CParamsUsed; ++j) {
+          fprintf(outfp, " ; ");
+!         fprintf(outfp, CParams[j]);
+          fprintf(outfp, " = ");
+!         fprintf(outfp, CParamValues[j]);
+      }
+      fprintf(outfp, "\n\n"); 
+      TranslateInputToOutput(InputFP, outfp, EncodingCode, ContentType);
+--- 1202,1210 ----
+      fprintf(outfp, "Content-type: %s", ContentType);
+      for (j=0; j<CParamsUsed; ++j) {
+          fprintf(outfp, " ; ");
+!         fprintf(outfp, "%s", CParams[j]);
+          fprintf(outfp, " = ");
+!         fprintf(outfp, "%s", CParamValues[j]);
+      }
+      fprintf(outfp, "\n\n"); 
+      TranslateInputToOutput(InputFP, outfp, EncodingCode, ContentType);
+***************
 *** 1823,1829 ****
           } else {
               printf("This message contains '%s'-format data.\nDo you want to view it using the '%s' command (y/n) [y] ? ", ctype, ShortCommand(progname));
@@ -127,3 +148,38 @@
           if (!s) return(0); /* EOF */
   	while (s && *s && isspace((unsigned char) *s)) ++s;
   	if (*s == 'y' || *s == 'Y' || !*s || *s == '\n') return(1);
+***************
+*** 2022,2028 ****
+      if (lc2strcmp(charset, PrevCharset)) {
+          char *s2, *charsetinuse;
+  
+!         strcpy(PrevCharset, charset);
+          for (s2=PrevCharset; *s2; ++s2) {
+              if (isupper((unsigned char) *s2)) *s2 = tolower((unsigned char) *s2);
+          }
+--- 2022,2029 ----
+      if (lc2strcmp(charset, PrevCharset)) {
+          char *s2, *charsetinuse;
+  
+!         strncpy(PrevCharset, charset, sizeof(PrevCharset));
+!         PrevCharset[sizeof(PrevCharset) - 1] = '\0';
+          for (s2=PrevCharset; *s2; ++s2) {
+              if (isupper((unsigned char) *s2)) *s2 = tolower((unsigned char) *s2);
+          }
+***************
+*** 2032,2038 ****
+          }
+      }
+      if (ecode == ENCODING_NONE) {
+!         printf(txt+1);
+      } else {
+          /* What follows is REALLY bogus, but all my encoding stuff is pipe-oriented right now... */
+          MkTmpFileName(TmpFile);
+--- 2033,2039 ----
+          }
+      }
+      if (ecode == ENCODING_NONE) {
+!         printf("%s", txt+1);
+      } else {
+          /* What follows is REALLY bogus, but all my encoding stuff is pipe-oriented right now... */
+          MkTmpFileName(TmpFile);
author	Jacques Vidrine <nectar@FreeBSD.org>	2004-02-18 21:47:18 +0000
committer	Jacques Vidrine <nectar@FreeBSD.org>	2004-02-18 21:47:18 +0000
commit	ee71d98820a60281387a6d911e428c84a10b7e1f (patch)
tree	480e45fc8b01f1b65c1904e0d0db6ddc6b46fd82 /mail/metamail
parent	97a850e4deb0889780a64ff76f3098bcb087b49d (diff)
download	ports-ee71d98820a60281387a6d911e428c84a10b7e1f.tar.gz ports-ee71d98820a60281387a6d911e428c84a10b7e1f.zip