Date: Wed, 18 Jun 2008 16:24:58 +0200 (CEST)
From: Matthias Andree <matthias.andree@gmx.de>
To: FreeBSD-gnats-submit@FreeBSD.org
Cc: barner@FreeBSD.org
Subject: ports/124718: [PATCH] mail/fetchmail: fix CVE-2008-2711 (crash when logging long headers in -v -v mode)
Message-ID: <20080618142458.53738C6FE@merlin.emma.line.org>
Resent-Message-ID: <200806181430.m5IEU0xQ057025@freefall.freebsd.org>
>Number: 124718
>Category: ports
>Synopsis: [PATCH] mail/fetchmail: fix CVE-2008-2711 (crash when logging long headers in -v -v mode)
>Confidential: no
>Severity: non-critical
>Priority: low
>Responsible: freebsd-ports-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: change-request
>Submitter-Id: current-users
>Arrival-Date: Wed Jun 18 14:30:00 UTC 2008
>Closed-Date:
>Last-Modified:
>Originator: Matthias Andree
>Release: FreeBSD 6.3-STABLE i386
>Organization:
>Environment:
System: FreeBSD merlin.emma.line.org 6.3-STABLE FreeBSD 6.3-STABLE #33: Sun Jun 1 11:12:24 CEST
>Description:
Fix CVE-2008-2711 (crash when logging long headers in -v -v mode).
Note that I am not providing a vulndb entry at this time for lack of time.

Added file(s):
- files/patch-CVE-2008-2711

Port maintainer (barner@FreeBSD.org) is cc'd.

Generated with FreeBSD Port Tools 0.77
>How-To-Repeat:
>Fix:

--- fetchmail-6.3.8_6.patch begins here ---
diff -ruN --exclude=CVS /usr/ports/mail/fetchmail/Makefile /usr/home/emma/ports/mail/fetchmail/Makefile --- /usr/ports/mail/fetchmail/Makefile 2008-06-06 15:42:50.000000000 +0200 +++ /usr/home/emma/ports/mail/fetchmail/Makefile 2008-06-18 16:16:56.000000000 +0200 @@ -11,7 +11,7 @@ PORTNAME= fetchmail PORTVERSION= 6.3.8 -PORTREVISION= 5 +PORTREVISION= 6 CATEGORIES= mail ipv6 MASTER_SITES= ${MASTER_SITE_BERLIOS} \ ${MASTER_SITE_SUNSITE:S/$/:sunsite/}\ diff -ruN --exclude=CVS /usr/ports/mail/fetchmail/files/patch-CVE-2008-2711 /usr/home/emma/ports/mail/fetchmail/files/patch-CVE-2008-2711 --- /usr/ports/mail/fetchmail/files/patch-CVE-2008-2711 1970-01-01 01:00:00.000000000 +0100 +++ /usr/home/emma/ports/mail/fetchmail/files/patch-CVE-2008-2711 2008-06-18 16:18:27.000000000 +0200 
@@ -0,0 +1,31 @@ +diff --git a/report.c b/report.c +index 31d4e48..2a731ac 100644 +--- ./report.c~ ++++ ./report.c +@@ -238,11 +238,17 @@ report_build (FILE *errfp, message, va_alist) + rep_ensuresize(); + + #if defined(VA_START) +- VA_START (args, message); + for ( ; ; ) + { ++ /* ++ * args has to be initialized before every call of vsnprintf(), ++ * because vsnprintf() invokes va_arg macro and thus args is ++ * undefined after the call. ++ */ ++ VA_START(args, message); + n = vsnprintf (partial_message + partial_message_size_used, partial_message_size - partial_message_size_used, + message, args); ++ va_end (args); + + if (n >= 0 + && (unsigned)n < partial_message_size - partial_message_size_used) +@@ -254,7 +260,6 @@ report_build (FILE *errfp, message, va_alist) + partial_message_size += 2048; + partial_message = REALLOC (partial_message, partial_message_size); + } +- va_end (args); + #else + for ( ; ; ) + { --- fetchmail-6.3.8_6.patch ends here --- >Release-Note: >Audit-Trail: >Unformatted:
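Review bot: In the report.c hunk at @@ -238, the added `VA_START(args, message);` has no space before the parenthesis, while the line it replaces (`VA_START (args, message);`) and the added `va_end (args);` both do; keep the file's spacing. The placement itself is sound: args is started immediately before each vsnprintf() call and ended immediately after it, ahead of the `n >= 0` size check, so every pass through the loop is balanced regardless of how the check comes out. The new comment could also say that this only matters on the second and later passes, that is, once a message does not fit in the buffer on the first attempt, since that is the case the old single VA_START before the loop got wrong.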
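Review bot: The trailing context of the report.c hunk at @@ -254 shows a second `for ( ; ; )` retry loop under `#else` that this patch leaves untouched; if that loop also hands a va_list to a formatting function, it needs the same per-iteration start and end, so please confirm it does not, or extend the fix to it. In the same hunk, `partial_message = REALLOC (partial_message, partial_message_size);` overwrites the only pointer to the buffer; that is fine only if REALLOC is a wrapper that never returns NULL, which is worth stating in a comment or checking at this point.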