[SVN] r844 - in /trunk/cyrus-imapd-2.2.13: debian/patches/0025-upstream-fix-cve-2009-3235.dpatch debian/patches/00list sieve/bc_eval.c sieve/script.c sieve/sieve.y
debian at incase.de
debian at incase.de
Tue Sep 22 22:02:40 UTC 2009
Author: hmh
Date: Wed Sep 23 00:02:34 2009
New Revision: 844
URL: https://mail.incase.de/viewcvs?rev=844&root=cyrus22&view=rev
Log:
Move the CVE 2009-3235 fixes in r843 to dpatch
0025-upstream-fix-cve-2009-3235.dpatch
Added:
trunk/cyrus-imapd-2.2.13/debian/patches/0025-upstream-fix-cve-2009-3235.dpatch (with props)
Modified:
trunk/cyrus-imapd-2.2.13/debian/patches/00list
trunk/cyrus-imapd-2.2.13/sieve/bc_eval.c
trunk/cyrus-imapd-2.2.13/sieve/script.c
trunk/cyrus-imapd-2.2.13/sieve/sieve.y
Added: trunk/cyrus-imapd-2.2.13/debian/patches/0025-upstream-fix-cve-2009-3235.dpatch
URL: https://mail.incase.de/viewcvs/trunk/cyrus-imapd-2.2.13/debian/patches/0025-upstream-fix-cve-2009-3235.dpatch?rev=844&root=cyrus22&view=auto
==============================================================================
--- trunk/cyrus-imapd-2.2.13/debian/patches/0025-upstream-fix-cve-2009-3235.dpatch (added)
+++ trunk/cyrus-imapd-2.2.13/debian/patches/0025-upstream-fix-cve-2009-3235.dpatch Wed Sep 23 00:02:34 2009
@@ -1,0 +1,55 @@
+#! /bin/sh /usr/share/dpatch/dpatch-run
+## 0025_upstream-fix-cve-2009-3235.dpatch by Henrique de Moraes Holschuh <hmh at debian.org>
+##
+## DP: Fixes for CVE 2009-3235 (multiple Sieve buffer overruns, remote exploitable)
+## DP: taken from upstream CVS, Debian bug #547947
+
+ at DPATCH@
+diff -urNad cyrus-imapd-2.2.13~/sieve/bc_eval.c cyrus-imapd-2.2.13/sieve/bc_eval.c
+--- cyrus-imapd-2.2.13~/sieve/bc_eval.c 2009-09-22 18:47:23.000000000 -0300
++++ cyrus-imapd-2.2.13/sieve/bc_eval.c 2009-09-22 18:57:26.479167505 -0300
+@@ -440,7 +440,7 @@
+ int comparator=ntohl(bc[i+3].value);
+ int apart=ntohl(bc[i+4].value);
+ int count=0;
+- char scount[3];
++ char scount[21];
+ int isReg = (match==B_REGEX);
+ int ctag = 0;
+ regex_t *reg;
+@@ -608,7 +608,7 @@
+ int relation=ntohl(bc[i+2].value);
+ int comparator=ntohl(bc[i+3].value);
+ int count=0;
+- char scount[3];
++ char scount[21];
+ int isReg = (match==B_REGEX);
+ int ctag = 0;
+ regex_t *reg;
+diff -urNad cyrus-imapd-2.2.13~/sieve/script.c cyrus-imapd-2.2.13/sieve/script.c
+--- cyrus-imapd-2.2.13~/sieve/script.c 2009-09-22 18:57:09.666668946 -0300
++++ cyrus-imapd-2.2.13/sieve/script.c 2009-09-22 18:57:26.479167505 -0300
+@@ -526,9 +526,9 @@
+ if ((ret != SIEVE_OK) && interp->err) {
+ char buf[1024];
+ if (lastaction == -1) /* we never executed an action */
+- sprintf(buf, "%s", errmsg ? errmsg : sieve_errstr(ret));
++ snprintf(buf, sizeof(buf), "%s", errmsg ? errmsg : sieve_errstr(ret));
+ else
+- sprintf(buf, "%s: %s", action_to_string(lastaction),
++ snprintf(buf, sizeof(buf), "%s: %s", action_to_string(lastaction),
+ errmsg ? errmsg : sieve_errstr(ret));
+
+ ret |= interp->execute_err(buf, interp->interp_context,
+diff -urNad cyrus-imapd-2.2.13~/sieve/sieve.y cyrus-imapd-2.2.13/sieve/sieve.y
+--- cyrus-imapd-2.2.13~/sieve/sieve.y 2009-09-22 18:47:23.000000000 -0300
++++ cyrus-imapd-2.2.13/sieve/sieve.y 2009-09-22 18:57:26.479167505 -0300
+@@ -923,7 +923,7 @@
+ else if (!strcmp(r, "ne")) {return NE;}
+ else if (!strcmp(r, "eq")) {return EQ;}
+ else{
+- sprintf(errbuf, "flag '%s': not a valid relational operation", r);
++ snprintf(errbuf, sizeof(errbuf), "flag '%s': not a valid relational operation", r);
+ yyerror(errbuf);
+ return -1;
+ }
Propchange: trunk/cyrus-imapd-2.2.13/debian/patches/0025-upstream-fix-cve-2009-3235.dpatch
------------------------------------------------------------------------------
svn:executable = *
Modified: trunk/cyrus-imapd-2.2.13/debian/patches/00list
URL: https://mail.incase.de/viewcvs/trunk/cyrus-imapd-2.2.13/debian/patches/00list?rev=844&root=cyrus22&r1=843&r2=844&view=diff
==============================================================================
--- trunk/cyrus-imapd-2.2.13/debian/patches/00list (original)
+++ trunk/cyrus-imapd-2.2.13/debian/patches/00list Wed Sep 23 00:02:34 2009
@@ -23,6 +23,7 @@
0022-upstream-dont-send-empty-literal-response.dpatch
0023-sort-illegal-dates-first.dpatch
0024-upstream-fix-sieve.dpatch
+0025-upstream-fix-cve-2009-3235.dpatch
0090-fix-casts.dpatch
01-fix_Makefile.in.dpatch
02-add_mkinstalldirs.dpatch
Modified: trunk/cyrus-imapd-2.2.13/sieve/bc_eval.c
URL: https://mail.incase.de/viewcvs/trunk/cyrus-imapd-2.2.13/sieve/bc_eval.c?rev=844&root=cyrus22&r1=843&r2=844&view=diff
==============================================================================
--- trunk/cyrus-imapd-2.2.13/sieve/bc_eval.c (original)
+++ trunk/cyrus-imapd-2.2.13/sieve/bc_eval.c Wed Sep 23 00:02:34 2009
@@ -440,7 +440,7 @@
int comparator=ntohl(bc[i+3].value);
int apart=ntohl(bc[i+4].value);
int count=0;
- char scount[21];
+ char scount[3];
int isReg = (match==B_REGEX);
int ctag = 0;
regex_t *reg;
@@ -608,7 +608,7 @@
int relation=ntohl(bc[i+2].value);
int comparator=ntohl(bc[i+3].value);
int count=0;
- char scount[21];
+ char scount[3];
int isReg = (match==B_REGEX);
int ctag = 0;
regex_t *reg;
Modified: trunk/cyrus-imapd-2.2.13/sieve/script.c
URL: https://mail.incase.de/viewcvs/trunk/cyrus-imapd-2.2.13/sieve/script.c?rev=844&root=cyrus22&r1=843&r2=844&view=diff
==============================================================================
--- trunk/cyrus-imapd-2.2.13/sieve/script.c (original)
+++ trunk/cyrus-imapd-2.2.13/sieve/script.c Wed Sep 23 00:02:34 2009
@@ -526,9 +526,9 @@
if ((ret != SIEVE_OK) && interp->err) {
char buf[1024];
if (lastaction == -1) /* we never executed an action */
- snprintf(buf, sizeof(buf), "%s", errmsg ? errmsg : sieve_errstr(ret));
+ sprintf(buf, "%s", errmsg ? errmsg : sieve_errstr(ret));
else
- snprintf(buf, sizeof(buf), "%s: %s", action_to_string(lastaction),
+ sprintf(buf, "%s: %s", action_to_string(lastaction),
errmsg ? errmsg : sieve_errstr(ret));
ret |= interp->execute_err(buf, interp->interp_context,
Modified: trunk/cyrus-imapd-2.2.13/sieve/sieve.y
URL: https://mail.incase.de/viewcvs/trunk/cyrus-imapd-2.2.13/sieve/sieve.y?rev=844&root=cyrus22&r1=843&r2=844&view=diff
==============================================================================
--- trunk/cyrus-imapd-2.2.13/sieve/sieve.y (original)
+++ trunk/cyrus-imapd-2.2.13/sieve/sieve.y Wed Sep 23 00:02:34 2009
@@ -923,7 +923,7 @@
else if (!strcmp(r, "ne")) {return NE;}
else if (!strcmp(r, "eq")) {return EQ;}
else{
- snprintf(errbuf, sizeof(errbuf), "flag '%s': not a valid relational operation", r);
+ sprintf(errbuf, "flag '%s': not a valid relational operation", r);
yyerror(errbuf);
return -1;
}
More information about the Pkg-Cyrus-imapd-Debian-devel
mailing list