Date:      Fri, 7 Dec 2001 12:56:21 +0300
From:      "Sergey A. Osokin" <osa@freebsd.org.ru>
To:        ports@FreeBSD.org
Cc:        FreeBSD-gnats-submit@FreeBSD.org
Subject:   Re: ports/32555: Formatting string bug in cyrus sasl lib
Message-ID:  <20011207125621.A42962@freebsd.org.ru>
In-Reply-To: <200112061800.fB6I04c49839@freefall.freebsd.org>; from hetzels@westbend.net on Thu, Dec 06, 2001 at 10:00:04AM -0800
References:  <200112061800.fB6I04c49839@freefall.freebsd.org>

--OXfL5xGRrasGEqWY
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline

On Thu, Dec 06, 2001 at 10:00:04AM -0800, Scot W. Hetzel wrote:
> 
>  From: "Alexey Rodin" <alx@cii.sumy.ua>
>  >     A format bug was found in one of the logging functions, that could be
>  >     used by an attacker to gain access to a machine or to acquire higher
>  >     privileges.
>  
>  I am working on the upgrade to 1.5.27, but if someone could commit this to
>  the current cyrus-sasl port as patch-lib::common.c.

Please review and commit the attached patch for the port.
Thanks.

-- 

Rgdz,                                /"\ 
Sergey Osokin aka oZZ,               \ /  ASCII RIBBON CAMPAIGN
osa@freebsd.org.ru                    X     AGAINST HTML MAIL
http://freebsd.org.ru/~osa/          / \

--OXfL5xGRrasGEqWY
Content-Type: text/plain; charset=us-ascii
Content-Disposition: attachment; filename=patch-cyrus-sasl

diff -ruN cyrus-sasl.orig/Makefile cyrus-sasl/Makefile
--- cyrus-sasl.orig/Makefile	Thu Dec  6 18:36:51 2001
+++ cyrus-sasl/Makefile	Fri Dec  7 12:53:05 2001
@@ -7,7 +7,7 @@
 
 PORTNAME=	cyrus-sasl
 PORTVERSION=	1.5.24
-PORTREVISION=	7
+PORTREVISION=	8
 CATEGORIES=	security
 MASTER_SITES=	ftp://ftp.andrew.cmu.edu/pub/cyrus-mail/ \
 		${MASTER_SITE_LOCAL} \
diff -ruN cyrus-sasl.orig/files/patch-lib::common.c cyrus-sasl/files/patch-lib::common.c
--- cyrus-sasl.orig/files/patch-lib::common.c	Thu Jan  1 03:00:00 1970
+++ cyrus-sasl/files/patch-lib::common.c	Thu Dec  6 18:35:55 2001
@@ -0,0 +1,11 @@
+--- lib/common.c.orig	Thu Dec  6 18:34:09 2001
++++ lib/common.c	Thu Dec  6 18:34:24 2001
+@@ -596,7 +596,7 @@
+     }
+     
+     /* do the syslog call. do not need to call openlog */
+-    syslog(syslog_priority | LOG_AUTH, message);
++    syslog(syslog_priority | LOG_AUTH, "%s", message);
+     
+     return SASL_OK;
+ }
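
Review bot: Only the one `syslog()` call at lib/common.c line 596 is covered, so before this is committed the rest of the library should be checked for other `syslog(` and printf-family calls that pass a variable such as `message` as the format argument. The change itself is correct: with `"%s"` as a constant format, any `%` sequences inside `message` are logged as data instead of being interpreted. The commit log should also reference PR ports/32555 so the PORTREVISION bump can be traced to this fix.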

--OXfL5xGRrasGEqWY--
