[Midnightbsd-cvs] mports: mail/fetchmail: security fix: potential crash in -v -v verbose
crash at midnightbsd.org
crash at midnightbsd.org
Sun Jul 13 16:53:06 EDT 2008
Log Message:
-----------
security fix: potential crash in -v -v verbose mode
Modified Files:
--------------
mports/mail/fetchmail:
Makefile (r1.9 -> r1.10)
Added Files:
-----------
mports/mail/fetchmail/files:
patch-CVE-2008-2711 (r1.1)
-------------- next part --------------
Index: Makefile
===================================================================
RCS file: /home/cvs/mports/mail/fetchmail/Makefile,v
retrieving revision 1.9
retrieving revision 1.10
diff -L mail/fetchmail/Makefile -L mail/fetchmail/Makefile -u -r1.9 -r1.10
--- mail/fetchmail/Makefile
+++ mail/fetchmail/Makefile
@@ -12,7 +12,7 @@
PORTNAME= fetchmail
PORTVERSION= 6.3.8
-PORTREVISION= 1
+PORTREVISION= 2
CATEGORIES= mail ipv6
MASTER_SITES= ${MASTER_SITE_BERLIOS}
MASTER_SITE_SUBDIR= fetchmail
--- /dev/null
+++ mail/fetchmail/files/patch-CVE-2008-2711
@@ -0,0 +1,52 @@
+--- report.c.orig 2008-07-01 18:15:58.000000000 +0200
++++ report.c 2008-07-01 18:18:53.000000000 +0200
+@@ -238,11 +238,17 @@
+ rep_ensuresize();
+
+ #if defined(VA_START)
+- VA_START (args, message);
+ for ( ; ; )
+ {
++ /*
++ * args has to be initialized before every call of vsnprintf(),
++ * because vsnprintf() invokes va_arg macro and thus args is
++ * undefined after the call.
++ */
++ VA_START(args, message);
+ n = vsnprintf (partial_message + partial_message_size_used, partial_message_size - partial_message_size_used,
+ message, args);
++ va_end (args);
+
+ if (n >= 0
+ && (unsigned)n < partial_message_size - partial_message_size_used)
+@@ -254,7 +260,6 @@
+ partial_message_size += 2048;
+ partial_message = REALLOC (partial_message, partial_message_size);
+ }
+- va_end (args);
+ #else
+ for ( ; ; )
+ {
+@@ -304,12 +309,13 @@
+ rep_ensuresize();
+
+ #if defined(VA_START)
+- VA_START (args, message);
+ for ( ; ; )
+ {
++ VA_START(args, message);
+ n = vsnprintf (partial_message + partial_message_size_used,
+ partial_message_size - partial_message_size_used,
+ message, args);
++ va_end(args);
+
+ /* old glibc versions return -1 for truncation */
+ if (n >= 0
+@@ -322,7 +328,6 @@
+ partial_message_size += 2048;
+ partial_message = REALLOC (partial_message, partial_message_size);
+ }
+- va_end (args);
+ #else
+ for ( ; ; )
+ {
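Review bot: The second retry loop (the inner hunk at report.c line 304) moves `VA_START(args, message)` and `va_end(args)` inside the `for` without the explanatory comment the first loop carries, so a later cleanup could hoist them back out and reintroduce the reuse of a consumed `va_list` that this patch fixes. I would add `/* re-initialize args on every pass: vsnprintf() consumes the va_list */` above that `VA_START`, ideally upstream so the port patch stays identical to the vendor fix. Separately, both loops assign `REALLOC (...)` straight back to `partial_message`; the definition of REALLOC is outside this patch, so it is worth confirming that it aborts on failure, because otherwise a failed grow would lose the buffer and the next `vsnprintf` would write through a bad pointer. Both function bodies start and end outside the hunks shown.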