Date: Mon, 13 Aug 2012 22:55:05 +0200
From: Matthias Andree <mandree@FreeBSD.org>
To: FreeBSD-gnats-submit@FreeBSD.org
Cc: chalpin@cs.wisc.edu
Subject: ports/170613: [PATCH] mail/fetchmail: update to 6.3.21_1
Message-ID: <E1T11fF-00095z-VI@apollo.emma.line.org>
Resent-Message-ID: <201208132100.q7DL0M4b091716@freefall.freebsd.org>
>Number: 170613
>Category: ports
>Synopsis: [PATCH] mail/fetchmail: update to 6.3.21_1
>Confidential: no
>Severity: serious
>Priority: low
>Responsible: freebsd-ports-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: update
>Submitter-Id: current-users
>Arrival-Date: Mon Aug 13 21:00:22 UTC 2012
>Closed-Date:
>Last-Modified:
>Originator: Matthias Andree
>Release: FreeBSD 9.1-PRERELEASE amd64
>Organization:
>Environment:
System: FreeBSD apollo.emma.line.org 9.1-PRERELEASE FreeBSD 9.1-PRERELEASE #3: Fri Aug 10 23:05:39 CEST 2012
>Description:
- Update to 6.3.21_1, with a security fix for NTLM auth (fixes a DoS/crash). Details to be disclosed later.

Added file(s):
- files/patch-3fbc7c

Port maintainer (chalpin@cs.wisc.edu) is cc'd.

Generated with FreeBSD Port Tools 0.99_6 (mode: update, diff: ports)
>How-To-Repeat:
>Fix:

--- fetchmail-6.3.21_1.patch begins here --- diff -ruN --exclude=CVS /usr/ports//mail/fetchmail/Makefile ./Makefile --- /usr/ports//mail/fetchmail/Makefile 2012-02-25 00:56:18.000000000 +0100 +++ ./Makefile 2012-08-13 22:46:33.000000000 +0200 @@ -12,6 +12,7 @@ PORTNAME= fetchmail PORTVERSION= 6.3.21 +PORTREVISION= 1 CATEGORIES= mail ipv6 MASTER_SITES= BERLIOS/${PORTNAME}/ \ SF/${PORTNAME}/branch_6.3/ \ diff -ruN --exclude=CVS /usr/ports//mail/fetchmail/files/patch-3fbc7c ./files/patch-3fbc7c --- /usr/ports//mail/fetchmail/files/patch-3fbc7c 1970-01-01 01:00:00.000000000 +0100 +++ ./files/patch-3fbc7c 2012-08-13 22:46:13.000000000 +0200 
@@ -0,0 +1,38 @@ +commit 3fbc7cd331602c76f882d1b507cd05c1d824ba8b +Author: Matthias Andree <matthias.andree@gmx.de> +Date: Mon Aug 13 20:48:12 2012 +0200 + + Fix crash: Handle invalid base64 in NTLM challenge. + + Some servers, for instance the MS Exchange servers deployed by the + US-American National Aeronautics and Space Administration (NASA), + aborted the NTLM protocol exchange after receiving the initial request. + + Fetchmail did not detect that there was an error message, rather than + NTLM protocol exchange, and caught a segmentation fault while reading + from a bad location. + + Detect base64 decoding errors, and return PS_AUTHFAIL in this case. + + Reported by J[ames] Porter Clark. + +diff --git a/ntlmsubr.c b/ntlmsubr.c +index f9d2733..9321d26 100644 +--- a/ntlmsubr.c ++++ b/ntlmsubr.c +@@ -55,7 +55,14 @@ int ntlm_helper(int sock, struct query *ctl, const char *proto) + if ((result = gen_recv(sock, msgbuf, sizeof msgbuf))) + goto cancelfail; + +- (void)from64tobits (&challenge, msgbuf, sizeof(challenge)); ++ if ((result = from64tobits (&challenge, msgbuf, sizeof(challenge))) < 0) ++ { ++ report (stderr, GT_("could not decode BASE64 challenge\n")); ++ /* We do not goto cancelfail; the server has already sent the ++ * tagged reply, so the protocol exchange has ended, no need ++ * for us to send the asterisk. */ ++ return PS_AUTHFAIL; ++ } + + if (outlevel >= O_DEBUG) + dumpSmbNtlmAuthChallenge(stdout, &challenge); --- fetchmail-6.3.21_1.patch ends here --- >Release-Note: >Audit-Trail: >Unformatted:
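Review bot: in the ntlmsubr.c hunk, the new test `(result = from64tobits (&challenge, msgbuf, sizeof(challenge))) < 0` rejects only a decoding error, so a reply that decodes cleanly but to fewer bytes than a challenge message needs still reaches `dumpSmbNtlmAuthChallenge(stdout, &challenge)` with a partly unfilled structure. Consider also returning PS_AUTHFAIL when the decoded length is below the minimum challenge size. Separately, `result` now holds the decoded byte count on success, while the `gen_recv` call just above treats any non-zero `result` as failure; keeping the length in its own variable would leave `result` as a pure status code for the code that follows.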