Date: Mon, 19 Apr 2004 21:56:56 +0200 (CEST) From: Johan van Selst <johans@stack.nl> To: FreeBSD-gnats-submit@FreeBSD.org Subject: ports/65784: Security patch for mail/emil (ref: DSA-468-1, portaudit) Message-ID: <20040419195656.CB8DC3D4F@mailhost.gletsjer.net> Resent-Message-ID: <200404192000.i3JK0gWG064876@freefall.freebsd.org>
next in thread | raw e-mail | index | archive | help
>Number: 65784 >Category: ports >Synopsis: Security patch for mail/emil (ref: DSA-468-1, portaudit) >Confidential: no >Severity: serious >Priority: medium >Responsible: freebsd-ports-bugs >State: open >Quarter: >Keywords: >Date-Required: >Class: update >Submitter-Id: current-users >Arrival-Date: Mon Apr 19 13:00:41 PDT 2004 >Closed-Date: >Last-Modified: >Originator: Johan van Selst >Release: FreeBSD 5.2-CURRENT i386 >Organization: >Environment: System: FreeBSD coyote.gletsjer.net 5.2-CURRENT FreeBSD 5.2-CURRENT #0: Sun Mar 7 19:20:00 CET 2004 root@coyote.gletsjer.net:/spare3/obj/spare3/src/sys/coyote i386 >Description: mail/exim is currently forbidden due to overflows and format errors. The project is no longer actively maintained, but security patches have been released by Ulf Harnhammar, who also released the original advisory. >How-To-Repeat: See http://vuxml.freebsd.org/ce46b93a-80f2-11d8-9645-0020ed76ef5a.html as quoted in the current Makefile for more info >Fix: This patch has been copied from http://www.securityfocus.com/archive/1/358626 as submitted by Ulf Harnhammer. It has been tested on STABLE and CURRENT. Please verify, add the code below as extra patch file to mail/emil/files/ and remove the FORBIDDEN clause of this port. Feel free to educate me about submitting patches if this is not in the desired format. Thank you. --- mime.c.old 1996-06-04 15:36:59.000000000 +0200 +++ mime.c 2004-02-26 16:57:42.000000000 +0100 @@ -56,18 +56,18 @@ if (match(m->sd->type, "TEXT")) { if (m->td->charset != NULL) - sprintf(buf, "%s; charset=\"%s\"", ct, m->td->charset); + snprintf(buf, sizeof(buf), "%s; charset=\"%s\"", ct, m->td->charset); else - sprintf(buf, "%s", ct); + snprintf(buf, sizeof(buf), "%s", ct); } else if (match(m->sd->type, "MULTIPART")) { bb = (char *)getmimebound(); if (m->sd->applefile == AMDOUBLE) - sprintf(buf, "Multipart/AppleDouble; boundary=\"%s\"", bb); + snprintf(buf, sizeof(buf), "Multipart/AppleDouble; boundary=\"%s\"", bb); else - sprintf(buf,"%s; boundary=\"%s\"", ct, bb); + snprintf(buf, sizeof(buf), "%s; boundary=\"%s\"", ct, bb); m->td->startbound = (char *)Yalloc(MIMEBOUNDLEN + 5); m->td->endbound = (char *)Yalloc(MIMEBOUNDLEN + 7); sprintf(m->td->startbound, "--%s", bb); @@ -75,7 +75,7 @@ } else { - sprintf(buf, "%s", ct); + snprintf(buf, sizeof(buf), "%s", ct); } } else @@ -87,7 +87,10 @@ if (m->sd->name != NULL) { - sprintf(buf, "%s; name=\"%s\"", buf, m->sd->name); + char *buf2; + buf2 = strdup(buf); + snprintf(buf, sizeof(buf), "%s; name=\"%s\"", buf2, m->sd->name); + free(buf2); } add_header(m, "Content-Type", buf, MIME); if (bb != NULL) --- uuencode.c.old 1996-06-04 15:37:02.000000000 +0200 +++ uuencode.c 2004-02-26 17:01:09.000000000 +0100 @@ -116,7 +116,7 @@ /* Start with uuencode preamble */ fix_filename(m); - sprintf(outb,"begin 644 %s\n", m->sd->name); + snprintf(outb, sizeof(outb), "begin 644 %s\n", m->sd->name); append_data(outbuf, outb, strlen(outb), pz); outbuf->lineend += 1; i = 0; @@ -242,7 +242,7 @@ inb++; inbuf->offset += 1; } - if ((i = sscanf(inb, "begin%*1[ ]%*3[0-7]%*1[ ]%s", filename)) != 1) + if ((i = sscanf(inb, "begin%*1[ ]%*3[0-7]%*1[ ]%511s", filename)) != 1) { #ifdef DEBUG if (edebug) --- main.c.old 1996-06-04 15:36:58.000000000 +0200 +++ main.c 2004-02-26 17:02:18.000000000 +0100 @@ -177,7 +177,7 @@ sprintf(ebuf,"Invalid parameter to -f: %s",optarg); #ifdef DEBUG if (edebug) - fprintf(stderr, ebuf); + fprintf(stderr, "%s", ebuf); #endif logger(LOG_WARNING,ebuf); } @@ -303,7 +303,7 @@ sprintf(ebuf,"Invalid flag: -%c",c); #ifdef DEBUG if (edebug) - fprintf(stderr, ebuf); + fprintf(stderr, "%s", ebuf); #endif logger(LOG_WARNING,ebuf); } @@ -359,7 +359,7 @@ sprintf(ebuf, "Invalid mailer specification %s", optarg); #ifdef DEBUG if (edebug) - fprintf(stderr, ebuf); + fprintf(stderr, "%s", ebuf); #endif logger(LOG_ERR, ebuf); fprintf(stderr, "Emil: %s\n", ebuf); @@ -448,7 +448,7 @@ ); #ifdef DEBUG if (edebug) - fprintf(stderr, ebuf); + fprintf(stderr, "%s", ebuf); #endif logger(LOG_DEBUG,ebuf); if (source == NULL) >Release-Note: >Audit-Trail: >Unformatted:
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20040419195656.CB8DC3D4F>