Date:      Thu, 1 Feb 2018 13:23:40 +0000 (UTC)
From:      Niclas Zeising <zeising@FreeBSD.org>
To:        ports-committers@freebsd.org, svn-ports-all@freebsd.org, svn-ports-head@freebsd.org
Subject:   svn commit: r460590 - in head/mail/dovecot: . files
Message-ID:  <201802011323.w11DNeOW020675@repo.freebsd.org>

Author: zeising
Date: Thu Feb  1 13:23:40 2018
New Revision: 460590
URL: https://svnweb.freebsd.org/changeset/ports/460590

Log:
  Complete fix for CVE-2017-15132
  
  Complete fix for CVE-2017-15132. The previous fix was not enough and caused
  the request to remain after an abort, causing a use-after-free later on.
  
  PR:		225585
  Submitted by:	Vladimir Krstulja
  Approved by:	adamw (maintainer)
  MFH:		2018Q1

Added:
  head/mail/dovecot/files/patch-src_lib-auth_auth-server-connection.c   (contents, props changed)
  head/mail/dovecot/files/patch-src_lib-auth_auth-server-connection.h   (contents, props changed)
Modified:
  head/mail/dovecot/Makefile
  head/mail/dovecot/files/patch-src_lib-auth_auth-client-request.c

Modified: head/mail/dovecot/Makefile
==============================================================================
--- head/mail/dovecot/Makefile	Thu Feb  1 13:23:37 2018	(r460589)
+++ head/mail/dovecot/Makefile	Thu Feb  1 13:23:40 2018	(r460590)
@@ -13,7 +13,7 @@
 
 PORTNAME=	dovecot
 PORTVERSION=	2.2.33.2
-PORTREVISION=	3
+PORTREVISION=	4
 CATEGORIES=	mail ipv6
 MASTER_SITES=	https://www.dovecot.org/releases/2.2/
 

Modified: head/mail/dovecot/files/patch-src_lib-auth_auth-client-request.c
==============================================================================
--- head/mail/dovecot/files/patch-src_lib-auth_auth-client-request.c	Thu Feb  1 13:23:37 2018	(r460589)
+++ head/mail/dovecot/files/patch-src_lib-auth_auth-client-request.c	Thu Feb  1 13:23:40 2018	(r460590)
@@ -1,10 +1,12 @@
 --- src/lib-auth/auth-client-request.c.orig	2017-10-05 17:10:44 UTC
 +++ src/lib-auth/auth-client-request.c
-@@ -180,6 +180,7 @@ void auth_client_request_abort(struct auth_client_requ
+@@ -180,6 +180,9 @@ void auth_client_request_abort(struct auth_client_requ
  
  	auth_client_send_cancel(request->conn->client, request->id);
  	call_callback(request, AUTH_REQUEST_STATUS_ABORT, NULL, NULL);
-+	pool_unref(&request->pool);
++	/* remove the request */
++	auth_server_connection_remove_request(request->conn, request->id);
++ 	pool_unref(&request->pool);
  }
  
  unsigned int auth_client_request_get_id(struct auth_client_request *request)
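Review bot: The added comment `/* remove the request */` only restates the call below it, while the thing a later reader needs is why the call must come before `pool_unref`. Going by the commit log and the `conn->requests` table in the companion patch, the earlier revision released the pool while the connection could still reach the request, so I would write `/* unlink from conn->requests before the pool is released, otherwise the table keeps a dangling pointer */`. Separately, the nested patch line for `pool_unref` now starts with a space before the tab, unlike the r460589 version, which puts a space-before-tab into the patched C source. auth_client_request_abort begins above this hunk, so the start of the function is not visible here.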

Added: head/mail/dovecot/files/patch-src_lib-auth_auth-server-connection.c
==============================================================================
--- /dev/null	00:00:00 1970	(empty, because file is newly added)
+++ head/mail/dovecot/files/patch-src_lib-auth_auth-server-connection.c	Thu Feb  1 13:23:40 2018	(r460590)
@@ -0,0 +1,13 @@
+--- src/lib-auth/auth-server-connection.c.orig	2017-10-05 17:10:44 UTC
++++ src/lib-auth/auth-server-connection.c
+@@ -481,3 +481,10 @@ auth_server_connection_add_request(struct auth_server_
+ 	hash_table_insert(conn->requests, POINTER_CAST(id), request);
+ 	return id;
+ }
++
++void auth_server_connection_remove_request(struct auth_server_connection *conn,
++					   unsigned int id)
++{
++	i_assert(conn->handshake_received);
++	hash_table_remove(conn->requests, POINTER_CAST(id));
++}

Added: head/mail/dovecot/files/patch-src_lib-auth_auth-server-connection.h
==============================================================================
--- /dev/null	00:00:00 1970	(empty, because file is newly added)
+++ head/mail/dovecot/files/patch-src_lib-auth_auth-server-connection.h	Thu Feb  1 13:23:40 2018	(r460590)
@@ -0,0 +1,9 @@
+--- src/lib-auth/auth-server-connection.h.orig	2017-10-05 17:10:44 UTC
++++ src/lib-auth/auth-server-connection.h
+@@ -38,4 +38,6 @@ void auth_server_connection_disconnect(struct auth_ser
+ unsigned int
+ auth_server_connection_add_request(struct auth_server_connection *conn,
+ 				   struct auth_client_request *request);
++void auth_server_connection_remove_request(struct auth_server_connection *conn,
++					   unsigned int id);
+ #endif


