diff options
| author | Hajimu UMEMOTO <ume@FreeBSD.org> | 2022-02-23 02:15:13 +0000 |
|---|---|---|
| committer | Hajimu UMEMOTO <ume@FreeBSD.org> | 2022-02-23 02:38:13 +0000 |
| commit | 06cfe2d77605996896f9c4f3615cac4dd92fa6b6 (patch) | |
| tree | 21e6e06d355c7447b6d764df528dcce0513d1961 /security | |
| parent | fdd6cc6195a1b5adeb6b38241b588a29b46e737d (diff) | |
| download | ports-06cfe2d77605996896f9c4f3615cac4dd92fa6b6.tar.gz ports-06cfe2d77605996896f9c4f3615cac4dd92fa6b6.zip | |
security/cyrus-sasl2-sql: Escape password for SQL insert/update commands
Obtained from: https://github.com/cyrusimap/cyrus-sasl/commit/2d2e97b0eb53fa7f87a3bf1529d8f712dd954480
Security: CVE-2022-24407
(cherry picked from commit c4eb47c93f835c4e3349e9a97a13e50621beef6a)
Diffstat (limited to 'security')
| -rw-r--r-- | security/cyrus-sasl2-sql/Makefile | 1 | ||||
| -rw-r--r-- | security/cyrus-sasl2/files/patch-plugins__sql.c | 66 |
2 files changed, 67 insertions, 0 deletions
diff --git a/security/cyrus-sasl2-sql/Makefile b/security/cyrus-sasl2-sql/Makefile index 471cc4038e0f..c8ef4ce4f261 100644 --- a/security/cyrus-sasl2-sql/Makefile +++ b/security/cyrus-sasl2-sql/Makefile @@ -1,4 +1,5 @@ PKGNAMESUFFIX= -sql +PORTREVISION= 1 COMMENT= SASL SQL plugins diff --git a/security/cyrus-sasl2/files/patch-plugins__sql.c b/security/cyrus-sasl2/files/patch-plugins__sql.c new file mode 100644 index 000000000000..1983317092bf --- /dev/null +++ b/security/cyrus-sasl2/files/patch-plugins__sql.c @@ -0,0 +1,66 @@ +--- plugins/sql.c.orig 2016-12-10 15:45:55 UTC ++++ plugins/sql.c +@@ -1150,6 +1150,7 @@ static int sql_auxprop_store(void *glob_context, + char *statement = NULL; + char *escap_userid = NULL; + char *escap_realm = NULL; ++ char *escap_passwd = NULL; + const char *cmd; + + sql_settings_t *settings; +@@ -1221,6 +1222,11 @@ static int sql_auxprop_store(void *glob_context, + "Unable to begin transaction\n"); + } + for (cur = to_store; ret == SASL_OK && cur->name; cur++) { ++ /* Free the buffer, current content is from previous loop. */ ++ if (escap_passwd) { ++ sparams->utils->free(escap_passwd); ++ escap_passwd = NULL; ++ } + + if (cur->name[0] == '*') { + continue; +@@ -1242,19 +1248,32 @@ static int sql_auxprop_store(void *glob_context, + } + sparams->utils->free(statement); + ++ if (cur->values[0]) { ++ escap_passwd = (char *)sparams->utils->malloc(strlen(cur->values[0])*2+1); ++ if (!escap_passwd) { ++ ret = SASL_NOMEM; ++ break; ++ } ++ settings->sql_engine->sql_escape_str(escap_passwd, cur->values[0]); ++ } ++ + /* create a statement that we will use */ + statement = sql_create_statement(cmd, cur->name, escap_userid, + escap_realm, +- cur->values && cur->values[0] ? +- cur->values[0] : SQL_NULL_VALUE, ++ escap_passwd ? ++ escap_passwd : SQL_NULL_VALUE, + sparams->utils); ++ if (!statement) { ++ ret = SASL_NOMEM; ++ break; ++ } + + { + char *log_statement = + sql_create_statement(cmd, cur->name, + escap_userid, + escap_realm, +- cur->values && cur->values[0] ? ++ escap_passwd ? + "<omitted>" : SQL_NULL_VALUE, + sparams->utils); + sparams->utils->log(sparams->utils->conn, SASL_LOG_DEBUG, +@@ -1287,6 +1306,7 @@ static int sql_auxprop_store(void *glob_context, + done: + if (escap_userid) sparams->utils->free(escap_userid); + if (escap_realm) sparams->utils->free(escap_realm); ++ if (escap_passwd) sparams->utils->free(escap_passwd); + if (conn) settings->sql_engine->sql_close(conn); + if (userid) sparams->utils->free(userid); + if (realm) sparams->utils->free(realm); |