diff options
| author | Eygene Ryabinkin <rea@FreeBSD.org> | 2012-08-26 17:33:12 +0000 |
|---|---|---|
| committer | Eygene Ryabinkin <rea@FreeBSD.org> | 2012-08-26 17:33:12 +0000 |
| commit | f7b99adb952b26344d8e23a6ddd66b3115e1b73a (patch) | |
| tree | 6a16b562008310e49f2231a63f7a20e0352fe05e /news/inn | |
| parent | 2d49c7eaf8df486500e5016b02f719eea578d045 (diff) | |
| download | ports-f7b99adb952b26344d8e23a6ddd66b3115e1b73a.tar.gz ports-f7b99adb952b26344d8e23a6ddd66b3115e1b73a.zip | |
news/inn: fix plaintext command injection, CVE-2012-3523
Relevant only for INN installations that are using encryption.
PR: 171013
Approved by: fluffy@FreeBSD.org (maintainer)
Security: http://www.vuxml.org/freebsd/a7975581-ee26-11e1-8bd8-0022156e8794.html
Notes
Notes:
svn path=/head/; revision=303194
Diffstat (limited to 'news/inn')
| -rw-r--r-- | news/inn/Makefile | 2 | ||||
| -rw-r--r-- | news/inn/files/patch-cve-2012-3523-minimal | 61 |
2 files changed, 62 insertions, 1 deletions
diff --git a/news/inn/Makefile b/news/inn/Makefile index 0021a40786d0..706472cb3f07 100644 --- a/news/inn/Makefile +++ b/news/inn/Makefile @@ -7,7 +7,7 @@ PORTNAME?= inn PORTVERSION?= 2.5.2 -PORTREVISION?= 1 +PORTREVISION?= 2 CATEGORIES= news ipv6 # Master distribution broken #MASTER_SITES?= ${MASTER_SITE_ISC} diff --git a/news/inn/files/patch-cve-2012-3523-minimal b/news/inn/files/patch-cve-2012-3523-minimal new file mode 100644 index 000000000000..3d166378a7a4 --- /dev/null +++ b/news/inn/files/patch-cve-2012-3523-minimal @@ -0,0 +1,61 @@ +Fixes CVE-2012-3523. This is a stripped down version of 2.5.2 -> 2.5.3 +patch that adds line_reset() to the relevant places. + +Obtained-from: ftp://ftp.isc.org/isc/inn/inn-2.5.2-2.5.3.diff.gz +diff -Nurp inn-2.5.2/nnrpd/line.c inn-2.5.3/nnrpd/line.c +--- nnrpd/line.c 2010-03-24 13:10:36.000000000 -0700 ++++ nnrpd/line.c 2012-06-15 11:25:36.000000000 -0700 +@@ -66,6 +66,17 @@ line_init(struct line *line) + line->remaining = 0; + } + ++/* ++** Reset a line structure. ++*/ ++void ++line_reset(struct line *line) ++{ ++ assert(line); ++ line->where = line->start; ++ line->remaining = 0; ++} ++ + /* + ** Timeout is used only if HAVE_SSL is defined. + */ +diff -Nurp inn-2.5.2/nnrpd/misc.c inn-2.5.3/nnrpd/misc.c +--- nnrpd/misc.c 2010-03-24 13:10:36.000000000 -0700 ++++ nnrpd/misc.c 2012-06-15 11:25:36.000000000 -0700 +@@ -518,5 +518,8 @@ CMDstarttls(int ac UNUSED, char *av[] UN + GRPcount = 0; + PERMgroupmadeinvalid = false; + } ++ ++ /* Reset our read buffer so as to prevent plaintext command injection. */ ++ line_reset(&NNTPline); + } + #endif /* HAVE_SSL */ +diff -Nurp inn-2.5.2/nnrpd/nnrpd.h inn-2.5.3/nnrpd/nnrpd.h +--- nnrpd/nnrpd.h 2010-03-24 13:10:36.000000000 -0700 ++++ nnrpd/nnrpd.h 2012-06-15 11:25:36.000000000 -0700 +@@ -292,6 +292,7 @@ void PY_dynamic_init (char* file); + + void line_free(struct line *); + void line_init(struct line *); ++void line_reset(struct line *); + READTYPE line_read(struct line *, int, const char **, size_t *, size_t *); + + #ifdef HAVE_SASL +diff -Nurp inn-2.5.2/nnrpd/sasl.c inn-2.5.3/nnrpd/sasl.c +--- nnrpd/sasl.c 2010-03-24 13:10:36.000000000 -0700 ++++ nnrpd/sasl.c 2012-06-15 11:25:36.000000000 -0700 +@@ -326,6 +326,9 @@ SASLauth(int ac, char *av[]) + GRPcount = 0; + PERMgroupmadeinvalid = false; + } ++ ++ /* Reset our read buffer so as to prevent plaintext command injection. */ ++ line_reset(&NNTPline); + } + } else { + /* Failure. */ |