[SVN] r844 - in /trunk/cyrus-imapd-2.2.13: debian/patches/0025-upstream-fix-cve-2009-3235.dpatch debian/patches/00list sieve/bc_eval.c sieve/script.c sieve/sieve.y

debian at incase.de debian at incase.de
Tue Sep 22 22:02:40 UTC 2009 

Author: hmh
Date: Wed Sep 23 00:02:34 2009
New Revision: 844

URL: https://mail.incase.de/viewcvs?rev=844&root=cyrus22&view=rev
Log:
Move the CVE 2009-3235 fixes in r843 to dpatch
0025-upstream-fix-cve-2009-3235.dpatch

Added:
    trunk/cyrus-imapd-2.2.13/debian/patches/0025-upstream-fix-cve-2009-3235.dpatch   (with props)
Modified:
    trunk/cyrus-imapd-2.2.13/debian/patches/00list
    trunk/cyrus-imapd-2.2.13/sieve/bc_eval.c
    trunk/cyrus-imapd-2.2.13/sieve/script.c
    trunk/cyrus-imapd-2.2.13/sieve/sieve.y

Added: trunk/cyrus-imapd-2.2.13/debian/patches/0025-upstream-fix-cve-2009-3235.dpatch
URL: https://mail.incase.de/viewcvs/trunk/cyrus-imapd-2.2.13/debian/patches/0025-upstream-fix-cve-2009-3235.dpatch?rev=844&root=cyrus22&view=auto
==============================================================================
--- trunk/cyrus-imapd-2.2.13/debian/patches/0025-upstream-fix-cve-2009-3235.dpatch (added)
+++ trunk/cyrus-imapd-2.2.13/debian/patches/0025-upstream-fix-cve-2009-3235.dpatch Wed Sep 23 00:02:34 2009
@@ -1,0 +1,55 @@
+#! /bin/sh /usr/share/dpatch/dpatch-run
+## 0025_upstream-fix-cve-2009-3235.dpatch by Henrique de Moraes Holschuh <hmh at debian.org>
+##
+## DP: Fixes for CVE 2009-3235 (multiple Sieve buffer overruns, remote exploitable)
+## DP: taken from upstream CVS, Debian bug #547947
+
+ at DPATCH@
+diff -urNad cyrus-imapd-2.2.13~/sieve/bc_eval.c cyrus-imapd-2.2.13/sieve/bc_eval.c
+--- cyrus-imapd-2.2.13~/sieve/bc_eval.c	2009-09-22 18:47:23.000000000 -0300
++++ cyrus-imapd-2.2.13/sieve/bc_eval.c	2009-09-22 18:57:26.479167505 -0300
+@@ -440,7 +440,7 @@
+ 	int comparator=ntohl(bc[i+3].value);
+ 	int apart=ntohl(bc[i+4].value);
+ 	int count=0;
+-	char scount[3];
++	char scount[21];
+ 	int isReg = (match==B_REGEX);
+ 	int ctag = 0;
+ 	regex_t *reg;
+@@ -608,7 +608,7 @@
+ 	int relation=ntohl(bc[i+2].value);
+ 	int comparator=ntohl(bc[i+3].value);
+ 	int count=0;	
+-	char scount[3];
++	char scount[21];
+ 	int isReg = (match==B_REGEX);
+ 	int ctag = 0;
+ 	regex_t *reg;
+diff -urNad cyrus-imapd-2.2.13~/sieve/script.c cyrus-imapd-2.2.13/sieve/script.c
+--- cyrus-imapd-2.2.13~/sieve/script.c	2009-09-22 18:57:09.666668946 -0300
++++ cyrus-imapd-2.2.13/sieve/script.c	2009-09-22 18:57:26.479167505 -0300
+@@ -526,9 +526,9 @@
+     if ((ret != SIEVE_OK) && interp->err) {
+ 	char buf[1024];
+ 	if (lastaction == -1) /* we never executed an action */
+-	    sprintf(buf, "%s", errmsg ? errmsg : sieve_errstr(ret));
++	    snprintf(buf, sizeof(buf), "%s", errmsg ? errmsg : sieve_errstr(ret));
+ 	else
+-	    sprintf(buf, "%s: %s", action_to_string(lastaction),
++	    snprintf(buf, sizeof(buf), "%s: %s", action_to_string(lastaction),
+ 		    errmsg ? errmsg : sieve_errstr(ret));
+  
+ 	ret |= interp->execute_err(buf, interp->interp_context,
+diff -urNad cyrus-imapd-2.2.13~/sieve/sieve.y cyrus-imapd-2.2.13/sieve/sieve.y
+--- cyrus-imapd-2.2.13~/sieve/sieve.y	2009-09-22 18:47:23.000000000 -0300
++++ cyrus-imapd-2.2.13/sieve/sieve.y	2009-09-22 18:57:26.479167505 -0300
+@@ -923,7 +923,7 @@
+ 	else if (!strcmp(r, "ne")) {return NE;}
+ 	else if (!strcmp(r, "eq")) {return EQ;}
+ 	else{
+-	  sprintf(errbuf, "flag '%s': not a valid relational operation", r);
++	  snprintf(errbuf, sizeof(errbuf), "flag '%s': not a valid relational operation", r);
+ 	  yyerror(errbuf);
+ 	  return -1;
+ 	}

Propchange: trunk/cyrus-imapd-2.2.13/debian/patches/0025-upstream-fix-cve-2009-3235.dpatch
------------------------------------------------------------------------------
    svn:executable = *

Modified: trunk/cyrus-imapd-2.2.13/debian/patches/00list
URL: https://mail.incase.de/viewcvs/trunk/cyrus-imapd-2.2.13/debian/patches/00list?rev=844&root=cyrus22&r1=843&r2=844&view=diff
==============================================================================
--- trunk/cyrus-imapd-2.2.13/debian/patches/00list (original)
+++ trunk/cyrus-imapd-2.2.13/debian/patches/00list Wed Sep 23 00:02:34 2009
@@ -23,6 +23,7 @@
 0022-upstream-dont-send-empty-literal-response.dpatch
 0023-sort-illegal-dates-first.dpatch
 0024-upstream-fix-sieve.dpatch
+0025-upstream-fix-cve-2009-3235.dpatch
 0090-fix-casts.dpatch
 01-fix_Makefile.in.dpatch
 02-add_mkinstalldirs.dpatch

Modified: trunk/cyrus-imapd-2.2.13/sieve/bc_eval.c
URL: https://mail.incase.de/viewcvs/trunk/cyrus-imapd-2.2.13/sieve/bc_eval.c?rev=844&root=cyrus22&r1=843&r2=844&view=diff
==============================================================================
--- trunk/cyrus-imapd-2.2.13/sieve/bc_eval.c (original)
+++ trunk/cyrus-imapd-2.2.13/sieve/bc_eval.c Wed Sep 23 00:02:34 2009
@@ -440,7 +440,7 @@
 	int comparator=ntohl(bc[i+3].value);
 	int apart=ntohl(bc[i+4].value);
 	int count=0;
-	char scount[21];
+	char scount[3];
 	int isReg = (match==B_REGEX);
 	int ctag = 0;
 	regex_t *reg;
@@ -608,7 +608,7 @@
 	int relation=ntohl(bc[i+2].value);
 	int comparator=ntohl(bc[i+3].value);
 	int count=0;	
-	char scount[21];
+	char scount[3];
 	int isReg = (match==B_REGEX);
 	int ctag = 0;
 	regex_t *reg;

Modified: trunk/cyrus-imapd-2.2.13/sieve/script.c
URL: https://mail.incase.de/viewcvs/trunk/cyrus-imapd-2.2.13/sieve/script.c?rev=844&root=cyrus22&r1=843&r2=844&view=diff
==============================================================================
--- trunk/cyrus-imapd-2.2.13/sieve/script.c (original)
+++ trunk/cyrus-imapd-2.2.13/sieve/script.c Wed Sep 23 00:02:34 2009
@@ -526,9 +526,9 @@
     if ((ret != SIEVE_OK) && interp->err) {
 	char buf[1024];
 	if (lastaction == -1) /* we never executed an action */
-	    snprintf(buf, sizeof(buf), "%s", errmsg ? errmsg : sieve_errstr(ret));
+	    sprintf(buf, "%s", errmsg ? errmsg : sieve_errstr(ret));
 	else
-	    snprintf(buf, sizeof(buf), "%s: %s", action_to_string(lastaction),
+	    sprintf(buf, "%s: %s", action_to_string(lastaction),
 		    errmsg ? errmsg : sieve_errstr(ret));
  
 	ret |= interp->execute_err(buf, interp->interp_context,

Modified: trunk/cyrus-imapd-2.2.13/sieve/sieve.y
URL: https://mail.incase.de/viewcvs/trunk/cyrus-imapd-2.2.13/sieve/sieve.y?rev=844&root=cyrus22&r1=843&r2=844&view=diff
==============================================================================
--- trunk/cyrus-imapd-2.2.13/sieve/sieve.y (original)
+++ trunk/cyrus-imapd-2.2.13/sieve/sieve.y Wed Sep 23 00:02:34 2009
@@ -923,7 +923,7 @@
 	else if (!strcmp(r, "ne")) {return NE;}
 	else if (!strcmp(r, "eq")) {return EQ;}
 	else{
-	  snprintf(errbuf, sizeof(errbuf), "flag '%s': not a valid relational operation", r);
+	  sprintf(errbuf, "flag '%s': not a valid relational operation", r);
 	  yyerror(errbuf);
 	  return -1;
 	}

More information about the Pkg-Cyrus-imapd-Debian-devel mailing list