ports/99698: japanese/mutt-devel: Fix IMAP buffer overflow vulnerability
Shaun Amott
shaun at FreeBSD.org
Sat Jul 1 21:03:54 UTC 2006
>Number: 99698
>Category: ports
>Synopsis: japanese/mutt-devel: Fix IMAP buffer overflow vulnerability
>Confidential: no
>Severity: serious
>Priority: medium
>Responsible: freebsd-ports-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: sw-bug
>Submitter-Id: current-users
>Arrival-Date: Sat Jul 01 20:40:16 GMT 2006
>Closed-Date:
>Last-Modified:
>Originator: Shaun Amott
>Release: FreeBSD 6.1-STABLE i386
>Organization:
>Environment:
>Description:
Add patch to fix IMAP buffer overflow vulnerability:
http://www.vuxml.org/freebsd/d2a43243-087b-11db-bc36-0008743bf21a.html
>How-To-Repeat:
>Fix:
--- mutt-devel.diff begins here ---
Index: Makefile
===================================================================
RCS file: /home/pcvs/ports/japanese/mutt-devel/Makefile,v
retrieving revision 1.59
diff -u -r1.59 Makefile
--- Makefile 9 May 2006 00:18:01 -0000 1.59
+++ Makefile 1 Jul 2006 20:06:41 -0000
@@ -9,7 +9,7 @@
PORTNAME= mutt-devel
PORTVERSION= ${VERSION}.j${JP_VERSION}
-PORTREVISION= 2
+PORTREVISION= 3
CATEGORIES= japanese mail
MASTER_SITES= http://www.emaillab.org/mutt/1.5/ \
http://my.reset.jp/~iwashita/mutt/distfiles/ \
Index: files/patch-imap_browse.c
===================================================================
RCS file: files/patch-imap_browse.c
diff -N files/patch-imap_browse.c
--- /dev/null 1 Jan 1970 00:00:00 -0000
+++ files/patch-imap_browse.c 1 Jul 2006 20:06:41 -0000
@@ -0,0 +1,27 @@
+--- imap/browse.c.orig Wed Nov 5 09:41:36 2003
++++ imap/browse.c Sat Jul 1 20:47:53 2006
+@@ -452,7 +452,7 @@
+ if (*s == '\"')
+ {
+ s++;
+- while (*s && *s != '\"')
++ while (*s && *s != '\"' && n < sizeof (ns) - 1)
+ {
+ if (*s == '\\')
+ s++;
+@@ -463,12 +463,14 @@
+ s++;
+ }
+ else
+- while (*s && !ISSPACE (*s))
++ while (*s && !ISSPACE (*s) && n < sizeof (ns) - 1)
+ {
+ ns[n++] = *s;
+ s++;
+ }
+ ns[n] = '\0';
++ if (n == sizeof (ns) - 1)
++ dprint (1, (debugfile, "browse_get_namespace: too long: [%s]\n", ns));
+ /* delim? */
+ s = imap_next_word (s);
+ /* delimiter is meaningless if namespace is "". Why does
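Review bot: When the new `n < sizeof (ns) - 1` bound ends either copy loop in imap/browse.c, the only reaction is a level-1 dprint, and parsing then continues with a truncated namespace while `s` still points into the middle of the overlong name. In the quoted branch, the unchanged `s++` after the loop assumes it is stepping over the closing quote. That is no longer guaranteed after truncation, so the `s = imap_next_word (s)` delimiter parse that follows can start from leftover name bytes. Consider consuming the rest of the token (up to the closing quote or the next whitespace) before moving on, or rejecting the entry outright. Separately, `if (n == sizeof (ns) - 1)` is also true for a name that fits exactly, so the "too long" message can fire when nothing was cut; a flag set at the point where the bound stops the loop would be more precise.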
--- mutt-devel.diff ends here ---
>Release-Note:
>Audit-Trail:
>Unformatted: