ports/78547: Security update port: ftp/curl from 7.12.3_2 to 7.12.3_3
Esa Karkkainen
ejk at iki.fi
Mon Mar 7 18:50:02 UTC 2005
>Number: 78547
>Category: ports
>Synopsis: Security update port: ftp/curl from 7.12.3_2 to 7.12.3_3
>Confidential: no
>Severity: serious
>Priority: medium
>Responsible: freebsd-ports-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: update
>Submitter-Id: current-users
>Arrival-Date: Mon Mar 07 18:50:00 GMT 2005
>Closed-Date:
>Last-Modified:
>Originator: Esa Karkkainen
>Release: FreeBSD 5.3-RELEASE-p3 i386
>Organization:
Is in state of disintegration
>Environment:
System: FreeBSD 5.3-RELEASE-p3 #33: Wed Jan 5 19:01:24 EET 2005
Ports tree cvsupped at Mon Mar 7 19:59:08 2005
>Description:
# portaudit
Affected package: curl-7.12.3_2
Type of problem: curl -- authentication buffer overflow vulnerability.
Reference: <http://www.FreeBSD.org/ports/portaudit/96df5fd0-8900-11d9-aa18-0001020eed82.html>
Fix has been obtained from
http://cool.haxx.se/cvs.cgi/curl/lib/http_ntlm.c.diff?r1=1.36&r2=1.37
>How-To-Repeat:
cd /usr/ports/ftp/curl && make all
>Fix:
I've attached fix from cURL CVS below and bumped PORTREVISION
in ports Makefile
diff -ruN /usr/ports/ftp/curl/Makefile curl/Makefile
--- /usr/ports/ftp/curl/Makefile Tue Dec 21 19:01:02 2004
+++ curl/Makefile Mon Mar 7 20:30:07 2005
@@ -7,7 +7,7 @@
PORTNAME= curl
PORTVERSION= 7.12.3
-PORTREVISION= 2
+PORTREVISION= 3
CATEGORIES= ftp ipv6 www
MASTER_SITES= http://curl.haxx.se/download/ \
${MASTER_SITE_SOURCEFORGE} \
diff -ruN /usr/ports/ftp/curl/files/patch-lib::http_ntlm.c curl/files/patch-lib::http_ntlm.c
--- /usr/ports/ftp/curl/files/patch-lib::http_ntlm.c Thu Jan 1 02:00:00 1970
+++ curl/files/patch-lib::http_ntlm.c Mon Mar 7 20:41:50 2005
@@ -0,0 +1,41 @@
+--- lib/http_ntlm.c.orig Wed Dec 8 01:09:41 2004
++++ lib/http_ntlm.c Mon Mar 7 20:40:18 2005
+@@ -18,7 +18,7 @@
+ * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
+ * KIND, either express or implied.
+ *
+- * $Id: http_ntlm.c,v 1.36 2004/12/07 23:09:41 bagder Exp $
++ * $Id: http_ntlm.c,v 1.37 2005/02/22 07:44:14 bagder Exp $
+ ***************************************************************************/
+ #include "setup.h"
+
+@@ -103,7 +103,6 @@
+ header++;
+
+ if(checkprefix("NTLM", header)) {
+- unsigned char buffer[256];
+ header += strlen("NTLM");
+
+ while(*header && isspace((int)*header))
+@@ -123,8 +122,12 @@
+ (40) Target Information (optional) security buffer(*)
+ 32 (48) start of data block
+ */
++ size_t size;
++ unsigned char *buffer = (unsigned char *)malloc(strlen(header));
++ if (buffer == NULL)
++ return CURLNTLM_BAD;
+
+- size_t size = Curl_base64_decode(header, (char *)buffer);
++ size = Curl_base64_decode(header, (char *)buffer);
+
+ ntlm->state = NTLMSTATE_TYPE2; /* we got a type-2 */
+
+@@ -134,6 +137,7 @@
+
+ /* at index decimal 20, there's a 32bit NTLM flag field */
+
++ free(buffer);
+ }
+ else {
+ if(ntlm->state >= NTLMSTATE_TYPE1)
>Release-Note:
>Audit-Trail:
>Unformatted:
More information about the freebsd-ports-bugs
mailing list