Date: Sun, 26 Aug 2012 17:33:12 +0000 (UTC) From: Eygene Ryabinkin <rea@FreeBSD.org> To: ports-committers@freebsd.org, svn-ports-all@freebsd.org, svn-ports-head@freebsd.org Subject: svn commit: r303194 - in head: news/inn news/inn/files security/vuxml Message-ID: <201208261733.q7QHXCRq057868@svn.freebsd.org>
next in thread | raw e-mail | index | archive | help
Author: rea Date: Sun Aug 26 17:33:12 2012 New Revision: 303194 URL: http://svn.freebsd.org/changeset/ports/303194 Log: news/inn: fix plaintext command injection, CVE-2012-3523 Relevant only for INN installations that are using encryption. PR: 171013 Approved by: fluffy@FreeBSD.org (maintainer) Security: http://www.vuxml.org/freebsd/a7975581-ee26-11e1-8bd8-0022156e8794.html Added: head/news/inn/files/patch-cve-2012-3523-minimal (contents, props changed) Modified: head/news/inn/Makefile head/security/vuxml/vuln.xml Modified: head/news/inn/Makefile ============================================================================== --- head/news/inn/Makefile Sun Aug 26 17:09:37 2012 (r303193) +++ head/news/inn/Makefile Sun Aug 26 17:33:12 2012 (r303194) @@ -7,7 +7,7 @@ PORTNAME?= inn PORTVERSION?= 2.5.2 -PORTREVISION?= 1 +PORTREVISION?= 2 CATEGORIES= news ipv6 # Master distribution broken #MASTER_SITES?= ${MASTER_SITE_ISC} Added: head/news/inn/files/patch-cve-2012-3523-minimal ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ head/news/inn/files/patch-cve-2012-3523-minimal Sun Aug 26 17:33:12 2012 (r303194) @@ -0,0 +1,61 @@ +Fixes CVE-2012-3523. This is a stripped down version of 2.5.2 -> 2.5.3 +patch that adds line_reset() to the relevant places. + +Obtained-from: ftp://ftp.isc.org/isc/inn/inn-2.5.2-2.5.3.diff.gz +diff -Nurp inn-2.5.2/nnrpd/line.c inn-2.5.3/nnrpd/line.c +--- nnrpd/line.c 2010-03-24 13:10:36.000000000 -0700 ++++ nnrpd/line.c 2012-06-15 11:25:36.000000000 -0700 +@@ -66,6 +66,17 @@ line_init(struct line *line) + line->remaining = 0; + } + ++/* ++** Reset a line structure. ++*/ ++void ++line_reset(struct line *line) ++{ ++ assert(line); ++ line->where = line->start; ++ line->remaining = 0; ++} ++ + /* + ** Timeout is used only if HAVE_SSL is defined. + */ +diff -Nurp inn-2.5.2/nnrpd/misc.c inn-2.5.3/nnrpd/misc.c +--- nnrpd/misc.c 2010-03-24 13:10:36.000000000 -0700 ++++ nnrpd/misc.c 2012-06-15 11:25:36.000000000 -0700 +@@ -518,5 +518,8 @@ CMDstarttls(int ac UNUSED, char *av[] UN + GRPcount = 0; + PERMgroupmadeinvalid = false; + } ++ ++ /* Reset our read buffer so as to prevent plaintext command injection. */ ++ line_reset(&NNTPline); + } + #endif /* HAVE_SSL */ +diff -Nurp inn-2.5.2/nnrpd/nnrpd.h inn-2.5.3/nnrpd/nnrpd.h +--- nnrpd/nnrpd.h 2010-03-24 13:10:36.000000000 -0700 ++++ nnrpd/nnrpd.h 2012-06-15 11:25:36.000000000 -0700 +@@ -292,6 +292,7 @@ void PY_dynamic_init (char* file); + + void line_free(struct line *); + void line_init(struct line *); ++void line_reset(struct line *); + READTYPE line_read(struct line *, int, const char **, size_t *, size_t *); + + #ifdef HAVE_SASL +diff -Nurp inn-2.5.2/nnrpd/sasl.c inn-2.5.3/nnrpd/sasl.c +--- nnrpd/sasl.c 2010-03-24 13:10:36.000000000 -0700 ++++ nnrpd/sasl.c 2012-06-15 11:25:36.000000000 -0700 +@@ -326,6 +326,9 @@ SASLauth(int ac, char *av[]) + GRPcount = 0; + PERMgroupmadeinvalid = false; + } ++ ++ /* Reset our read buffer so as to prevent plaintext command injection. */ ++ line_reset(&NNTPline); + } + } else { + /* Failure. */ Modified: head/security/vuxml/vuln.xml ============================================================================== --- head/security/vuxml/vuln.xml Sun Aug 26 17:09:37 2012 (r303193) +++ head/security/vuxml/vuln.xml Sun Aug 26 17:33:12 2012 (r303194) @@ -163,7 +163,7 @@ Note: Please add new entries to the beg <affects> <package> <name>inn</name> - <range><lt>2.5.3</lt></range> + <range><lt>2.5.2_2</lt></range> </package> </affects> <description>
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201208261733.q7QHXCRq057868>