Date: Mon, 7 Mar 2005 20:45:28 +0200 (EET) From: Esa Karkkainen <ejk@iki.fi> To: FreeBSD-gnats-submit@FreeBSD.org Cc: Esa Karkkainen <ejk@iki.fi> Subject: ports/78547: Security update port: ftp/curl from 7.12.3_2 to 7.12.3_3 Message-ID: <200503071845.j27IjSG6091355@thunderbolt.my.domain> Resent-Message-ID: <200503071850.j27Io1qD000846@freefall.freebsd.org>
next in thread | raw e-mail | index | archive | help
>Number: 78547 >Category: ports >Synopsis: Security update port: ftp/curl from 7.12.3_2 to 7.12.3_3 >Confidential: no >Severity: serious >Priority: medium >Responsible: freebsd-ports-bugs >State: open >Quarter: >Keywords: >Date-Required: >Class: update >Submitter-Id: current-users >Arrival-Date: Mon Mar 07 18:50:00 GMT 2005 >Closed-Date: >Last-Modified: >Originator: Esa Karkkainen >Release: FreeBSD 5.3-RELEASE-p3 i386 >Organization: Is in state of disintegration >Environment: System: FreeBSD 5.3-RELEASE-p3 #33: Wed Jan 5 19:01:24 EET 2005 Ports tree cvsupped at Mon Mar 7 19:59:08 2005 >Description: # portaudit Affected package: curl-7.12.3_2 Type of problem: curl -- authentication buffer overflow vulnerability. Reference: <http://www.FreeBSD.org/ports/portaudit/96df5fd0-8900-11d9-aa18-0001020eed82.html>; Fix has been obtained from http://cool.haxx.se/cvs.cgi/curl/lib/http_ntlm.c.diff?r1=1.36&r2=1.37 >How-To-Repeat: cd /usr/ports/ftp/curl && make all >Fix: I've attached fix from cURL CVS below and bumped PORTREVISION in ports Makefile diff -ruN /usr/ports/ftp/curl/Makefile curl/Makefile --- /usr/ports/ftp/curl/Makefile Tue Dec 21 19:01:02 2004 +++ curl/Makefile Mon Mar 7 20:30:07 2005 @@ -7,7 +7,7 @@ PORTNAME= curl PORTVERSION= 7.12.3 -PORTREVISION= 2 +PORTREVISION= 3 CATEGORIES= ftp ipv6 www MASTER_SITES= http://curl.haxx.se/download/ \ ${MASTER_SITE_SOURCEFORGE} \ diff -ruN /usr/ports/ftp/curl/files/patch-lib::http_ntlm.c curl/files/patch-lib::http_ntlm.c --- /usr/ports/ftp/curl/files/patch-lib::http_ntlm.c Thu Jan 1 02:00:00 1970 +++ curl/files/patch-lib::http_ntlm.c Mon Mar 7 20:41:50 2005 @@ -0,0 +1,41 @@ +--- lib/http_ntlm.c.orig Wed Dec 8 01:09:41 2004 ++++ lib/http_ntlm.c Mon Mar 7 20:40:18 2005 +@@ -18,7 +18,7 @@ + * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY + * KIND, either express or implied. + * +- * $Id: http_ntlm.c,v 1.36 2004/12/07 23:09:41 bagder Exp $ ++ * $Id: http_ntlm.c,v 1.37 2005/02/22 07:44:14 bagder Exp $ + ***************************************************************************/ + #include "setup.h" + +@@ -103,7 +103,6 @@ + header++; + + if(checkprefix("NTLM", header)) { +- unsigned char buffer[256]; + header += strlen("NTLM"); + + while(*header && isspace((int)*header)) +@@ -123,8 +122,12 @@ + (40) Target Information (optional) security buffer(*) + 32 (48) start of data block + */ ++ size_t size; ++ unsigned char *buffer = (unsigned char *)malloc(strlen(header)); ++ if (buffer == NULL) ++ return CURLNTLM_BAD; + +- size_t size = Curl_base64_decode(header, (char *)buffer); ++ size = Curl_base64_decode(header, (char *)buffer); + + ntlm->state = NTLMSTATE_TYPE2; /* we got a type-2 */ + +@@ -134,6 +137,7 @@ + + /* at index decimal 20, there's a 32bit NTLM flag field */ + ++ free(buffer); + } + else { + if(ntlm->state >= NTLMSTATE_TYPE1) >Release-Note: >Audit-Trail: >Unformatted:
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200503071845.j27IjSG6091355>