/[packages]/cauldron/cyrus-imapd/current/SOURCES/cyrus-imapd-2.3.18-potential-overflow.patch
ViewVC logotype

Contents of /cauldron/cyrus-imapd/current/SOURCES/cyrus-imapd-2.3.18-potential-overflow.patch

Parent Directory Parent Directory | Revision Log Revision Log


Revision 922204 - (show annotations) (download)
Tue Jan 12 18:56:38 2016 UTC (8 years, 2 months ago) by luigiwalser
File size: 900 byte(s)
- add patch from fedora to fix potential overflows
- add patches from opensuse to fix CVE-2015-8077 and CVE-2015-8078

1 This is a backport of
2 https://cyrus.foundation/cyrus-imapd/commit/?id=ff4e6c71d932b3e6bbfa67d76f095e27ff21bad0
3
4 The patch is mentioned in http://seclists.org/oss-sec/2015/q3/651 as fixing
5 potential overflows.
6
7 diff --git a/master/master.c b/master/master.c
8 index 3886441..455548b 100644
9 --- a/master/master.c
10 +++ b/master/master.c
11 @@ -197,13 +197,15 @@ void event_free(struct event *a)
12 free(a);
13 }
14
15 -void get_prog(char *path, unsigned size, char *const *cmd)
16 +void get_prog(char *path, size_t size, char *const *cmd)
17 {
18 + if (!size) return;
19 if (cmd[0][0] == '/') {
20 - /* master lacks strlcpy, due to no libcyrus */
21 - snprintf(path, size, "%s", cmd[0]);
22 + /* master lacks strlcpy, due to no libcyrus */
23 + strncpy(path, cmd[0], size - 1);
24 }
25 else snprintf(path, size, "%s/%s", SERVICE_PATH, cmd[0]);
26 + path[size-1] = '\0';
27 }
28
29 void get_statsock(int filedes[2])

  ViewVC Help
Powered by ViewVC 1.1.30