svn commit: r303194 - in head: news/inn news/inn/files security/vuxml
Eygene Ryabinkin
rea at FreeBSD.org
Sun Aug 26 17:33:13 UTC 2012
Author: rea
Date: Sun Aug 26 17:33:12 2012
New Revision: 303194
URL: http://svn.freebsd.org/changeset/ports/303194
Log:
news/inn: fix plaintext command injection, CVE-2012-3523
Relevant only for INN installations that are using encryption.
PR: 171013
Approved by: fluffy at FreeBSD.org (maintainer)
Security: http://www.vuxml.org/freebsd/a7975581-ee26-11e1-8bd8-0022156e8794.html
Added:
head/news/inn/files/patch-cve-2012-3523-minimal (contents, props changed)
Modified:
head/news/inn/Makefile
head/security/vuxml/vuln.xml
Modified: head/news/inn/Makefile
==============================================================================
--- head/news/inn/Makefile Sun Aug 26 17:09:37 2012 (r303193)
+++ head/news/inn/Makefile Sun Aug 26 17:33:12 2012 (r303194)
@@ -7,7 +7,7 @@
PORTNAME?= inn
PORTVERSION?= 2.5.2
-PORTREVISION?= 1
+PORTREVISION?= 2
CATEGORIES= news ipv6
# Master distribution broken
#MASTER_SITES?= ${MASTER_SITE_ISC}
Added: head/news/inn/files/patch-cve-2012-3523-minimal
==============================================================================
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ head/news/inn/files/patch-cve-2012-3523-minimal Sun Aug 26 17:33:12 2012 (r303194)
@@ -0,0 +1,61 @@
+Fixes CVE-2012-3523. This is a stripped down version of 2.5.2 -> 2.5.3
+patch that adds line_reset() to the relevant places.
+
+Obtained-from: ftp://ftp.isc.org/isc/inn/inn-2.5.2-2.5.3.diff.gz
+diff -Nurp inn-2.5.2/nnrpd/line.c inn-2.5.3/nnrpd/line.c
+--- nnrpd/line.c 2010-03-24 13:10:36.000000000 -0700
++++ nnrpd/line.c 2012-06-15 11:25:36.000000000 -0700
+@@ -66,6 +66,17 @@ line_init(struct line *line)
+ line->remaining = 0;
+ }
+
++/*
++** Reset a line structure.
++*/
++void
++line_reset(struct line *line)
++{
++ assert(line);
++ line->where = line->start;
++ line->remaining = 0;
++}
++
+ /*
+ ** Timeout is used only if HAVE_SSL is defined.
+ */
+diff -Nurp inn-2.5.2/nnrpd/misc.c inn-2.5.3/nnrpd/misc.c
+--- nnrpd/misc.c 2010-03-24 13:10:36.000000000 -0700
++++ nnrpd/misc.c 2012-06-15 11:25:36.000000000 -0700
+@@ -518,5 +518,8 @@ CMDstarttls(int ac UNUSED, char *av[] UN
+ GRPcount = 0;
+ PERMgroupmadeinvalid = false;
+ }
++
++ /* Reset our read buffer so as to prevent plaintext command injection. */
++ line_reset(&NNTPline);
+ }
+ #endif /* HAVE_SSL */
+diff -Nurp inn-2.5.2/nnrpd/nnrpd.h inn-2.5.3/nnrpd/nnrpd.h
+--- nnrpd/nnrpd.h 2010-03-24 13:10:36.000000000 -0700
++++ nnrpd/nnrpd.h 2012-06-15 11:25:36.000000000 -0700
+@@ -292,6 +292,7 @@ void PY_dynamic_init (char* file);
+
+ void line_free(struct line *);
+ void line_init(struct line *);
++void line_reset(struct line *);
+ READTYPE line_read(struct line *, int, const char **, size_t *, size_t *);
+
+ #ifdef HAVE_SASL
+diff -Nurp inn-2.5.2/nnrpd/sasl.c inn-2.5.3/nnrpd/sasl.c
+--- nnrpd/sasl.c 2010-03-24 13:10:36.000000000 -0700
++++ nnrpd/sasl.c 2012-06-15 11:25:36.000000000 -0700
+@@ -326,6 +326,9 @@ SASLauth(int ac, char *av[])
+ GRPcount = 0;
+ PERMgroupmadeinvalid = false;
+ }
++
++ /* Reset our read buffer so as to prevent plaintext command injection. */
++ line_reset(&NNTPline);
+ }
+ } else {
+ /* Failure. */
Modified: head/security/vuxml/vuln.xml
==============================================================================
--- head/security/vuxml/vuln.xml Sun Aug 26 17:09:37 2012 (r303193)
+++ head/security/vuxml/vuln.xml Sun Aug 26 17:33:12 2012 (r303194)
@@ -163,7 +163,7 @@ Note: Please add new entries to the beg
<affects>
<package>
<name>inn</name>
- <range><lt>2.5.3</lt></range>
+ <range><lt>2.5.2_2</lt></range>
</package>
</affects>
<description>
More information about the svn-ports-head
mailing list