procmail: fix CVE-2014-3618 CVE-2017-16844

This commit is contained in:
maxice8 2018-10-02 15:35:41 -03:00 committed by maxice8
parent 62cb04acc2
commit 1681cd0182
3 changed files with 44 additions and 3 deletions

View File

@ -0,0 +1,23 @@
From: Tavis Ormandy
Subject: formail heap overflow. CVE-2014-3618
Bug-Debian: http://bugs.debian.org/704675
Bug-Debian: http://bugs.debian.org/760443
X-Debian-version: 3.22-22
--- a/src/formisc.c
+++ b/src/formisc.c
@@ -84,12 +84,11 @@
case '"':*target++=delim='"';start++;
}
;{ int i;
- do
+ while(*start)
if((i= *target++= *start++)==delim) /* corresponding delimiter? */
break;
else if(i=='\\'&&*start) /* skip quoted character */
*target++= *start++;
- while(*start); /* anything? */
}
hitspc=2;
}

View File

@ -0,0 +1,17 @@
From: Santiago Vila <sanvila@debian.org>
Subject: Fix heap-based buffer overflow in loadbuf()
Bug-Debian: http://bugs.debian.org/876511
X-Debian-version: 3.22-26
--- a/src/formisc.c
+++ b/src/formisc.c
@@ -103,7 +103,7 @@
}
/* append to buf */
void loadbuf(text,len)const char*const text;const size_t len;
-{ if(buffilled+len>buflen) /* buf can't hold the text */
+{ while(buffilled+len>buflen) /* buf can't hold the text */
buf=realloc(buf,buflen+=Bsize);
tmemmove(buf+buffilled,text,len);buffilled+=len;
}

View File

@ -1,12 +1,13 @@
# Template file for 'procmail'
pkgname=procmail
version=3.22
revision=2
revision=3
patch_args="-Np1"
hostmakedepends="opensmtpd"
depends="virtual?smtp-server"
short_desc="Autonomous mail processor"
maintainer="Christian Neukirchen <chneukirchen@gmail.com>"
license="GPL-2, Artistic"
maintainer="Leah Neukirchen <leah@vuxu.org>"
license="GPL-2.0-or-later, Artistic"
homepage="http://www.procmail.org"
distfiles="ftp://ftp.informatik.rwth-aachen.de/pub/packages/procmail/${pkgname}-${version}.tar.gz"
checksum=087c75b34dd33d8b9df5afe9e42801c9395f4bf373a784d9bc97153b0062e117