Date: Wed, 23 Feb 2022 02:35:13 GMT From: Hajimu UMEMOTO <ume@FreeBSD.org> To: ports-committers@FreeBSD.org, dev-commits-ports-all@FreeBSD.org, dev-commits-ports-main@FreeBSD.org Subject: git: c4eb47c93f83 - main - security/cyrus-sasl2-sql: Escape password for SQL insert/update commands Message-ID: <202202230235.21N2ZDJ8067303@gitrepo.freebsd.org>
next in thread | raw e-mail | index | archive | help
The branch main has been updated by ume: URL: https://cgit.FreeBSD.org/ports/commit/?id=c4eb47c93f835c4e3349e9a97a13e50621beef6a commit c4eb47c93f835c4e3349e9a97a13e50621beef6a Author: Hajimu UMEMOTO <ume@FreeBSD.org> AuthorDate: 2022-02-23 02:15:13 +0000 Commit: Hajimu UMEMOTO <ume@FreeBSD.org> CommitDate: 2022-02-23 02:34:14 +0000 security/cyrus-sasl2-sql: Escape password for SQL insert/update commands Obtained from: https://github.com/cyrusimap/cyrus-sasl/commit/2d2e97b0eb53fa7f87a3bf1529d8f712dd954480 Security: CVE-2022-24407 --- security/cyrus-sasl2-sql/Makefile | 1 + security/cyrus-sasl2/files/patch-plugins__sql.c | 66 +++++++++++++++++++++++++ 2 files changed, 67 insertions(+) diff --git a/security/cyrus-sasl2-sql/Makefile b/security/cyrus-sasl2-sql/Makefile index 471cc4038e0f..c8ef4ce4f261 100644 --- a/security/cyrus-sasl2-sql/Makefile +++ b/security/cyrus-sasl2-sql/Makefile @@ -1,4 +1,5 @@ PKGNAMESUFFIX= -sql +PORTREVISION= 1 COMMENT= SASL SQL plugins diff --git a/security/cyrus-sasl2/files/patch-plugins__sql.c b/security/cyrus-sasl2/files/patch-plugins__sql.c new file mode 100644 index 000000000000..1983317092bf --- /dev/null +++ b/security/cyrus-sasl2/files/patch-plugins__sql.c @@ -0,0 +1,66 @@ +--- plugins/sql.c.orig 2016-12-10 15:45:55 UTC ++++ plugins/sql.c +@@ -1150,6 +1150,7 @@ static int sql_auxprop_store(void *glob_context, + char *statement = NULL; + char *escap_userid = NULL; + char *escap_realm = NULL; ++ char *escap_passwd = NULL; + const char *cmd; + + sql_settings_t *settings; +@@ -1221,6 +1222,11 @@ static int sql_auxprop_store(void *glob_context, + "Unable to begin transaction\n"); + } + for (cur = to_store; ret == SASL_OK && cur->name; cur++) { ++ /* Free the buffer, current content is from previous loop. */ ++ if (escap_passwd) { ++ sparams->utils->free(escap_passwd); ++ escap_passwd = NULL; ++ } + + if (cur->name[0] == '*') { + continue; +@@ -1242,19 +1248,32 @@ static int sql_auxprop_store(void *glob_context, + } + sparams->utils->free(statement); + ++ if (cur->values[0]) { ++ escap_passwd = (char *)sparams->utils->malloc(strlen(cur->values[0])*2+1); ++ if (!escap_passwd) { ++ ret = SASL_NOMEM; ++ break; ++ } ++ settings->sql_engine->sql_escape_str(escap_passwd, cur->values[0]); ++ } ++ + /* create a statement that we will use */ + statement = sql_create_statement(cmd, cur->name, escap_userid, + escap_realm, +- cur->values && cur->values[0] ? +- cur->values[0] : SQL_NULL_VALUE, ++ escap_passwd ? ++ escap_passwd : SQL_NULL_VALUE, + sparams->utils); ++ if (!statement) { ++ ret = SASL_NOMEM; ++ break; ++ } + + { + char *log_statement = + sql_create_statement(cmd, cur->name, + escap_userid, + escap_realm, +- cur->values && cur->values[0] ? ++ escap_passwd ? + "<omitted>" : SQL_NULL_VALUE, + sparams->utils); + sparams->utils->log(sparams->utils->conn, SASL_LOG_DEBUG, +@@ -1287,6 +1306,7 @@ static int sql_auxprop_store(void *glob_context, + done: + if (escap_userid) sparams->utils->free(escap_userid); + if (escap_realm) sparams->utils->free(escap_realm); ++ if (escap_passwd) sparams->utils->free(escap_passwd); + if (conn) settings->sql_engine->sql_close(conn); + if (userid) sparams->utils->free(userid); + if (realm) sparams->utils->free(realm);
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?202202230235.21N2ZDJ8067303>