/[packages]/updates/1/bogofilter/current/SOURCES/bogofilter-1.2.2-CVE-2012-5468.diff
ViewVC logotype

Contents of /updates/1/bogofilter/current/SOURCES/bogofilter-1.2.2-CVE-2012-5468.diff

Parent Directory Parent Directory | Revision Log Revision Log

Revision 338232 - (show annotations) (download)
Thu Jan 3 16:10:04 2013 UTC (11 years, 3 months ago) by luigiwalser
File size: 2393 byte(s) 
add upstream patch to fix CVE-2012-5468
1 diff -uNrp bogofilter-1.2.2.base64/src/iconvert.c bogofilter-1.2.2/src/iconvert.c
2 --- bogofilter-1.2.2.base64/src/iconvert.c 2010-03-14 20:08:11.000000000 -0400
3 +++ bogofilter-1.2.2/src/iconvert.c 2012-12-13 10:06:56.603529996 -0500
4 @@ -76,7 +76,7 @@ static void convert(iconv_t xd, buff_t *
5 outbuf = (char *)dst->t.u.text + dst->t.leng;
6 outbytesleft = dst->size - dst->read - dst->t.leng;
7
8 - if (outbytesleft == 0)
9 + if (outbytesleft <= 0)
10 break;
11
12 /*
13 @@ -141,6 +141,10 @@ static void convert(iconv_t xd, buff_t *
14 switch (err) {
15 case EILSEQ: /* invalid multibyte sequence */
16 case EINVAL: /* incomplete multibyte sequence */
17 + if(outbytesleft <= 0) {
18 + done = true;
19 + break;
20 + }
21 /* copy 1 byte (or substitute a '?') */
22 if (!replace_nonascii_characters)
23 *outbuf = *inbuf;
24 diff -uNrp bogofilter-1.2.2.base64/src/tests/Makefile.am bogofilter-1.2.2/src/tests/Makefile.am
25 --- bogofilter-1.2.2.base64/src/tests/Makefile.am 2010-07-05 07:26:36.000000000 -0400
26 +++ bogofilter-1.2.2/src/tests/Makefile.am 2012-12-13 10:07:07.893536640 -0500
27 @@ -45,6 +45,7 @@ PARSING_TESTS = \
28 t.multiple.tokens.head t.multiple.tokens.body t.multiple.tokens.min.mul \
29 $(ENCODING_TESTS) \
30 t.rfc2047_broken t.rfc2047_folded \
31 + t.crash-invalid-base64 \
32 t.message_addr t.message_id t.queue_id
33
34 WORDLIST_TESTS = t.dump.load t.nonascii.replace t.maint t.robx t.regtest t.upgrade.subnet.prefix t.multiple.wordlists t.probe t.bf_compact
35 diff -uNrp bogofilter-1.2.2.base64/src/tests/t.crash-invalid-base64 bogofilter-1.2.2/src/tests/t.crash-invalid-base64
36 --- bogofilter-1.2.2.base64/src/tests/t.crash-invalid-base64 1969-12-31 19:00:00.000000000 -0500
37 +++ bogofilter-1.2.2/src/tests/t.crash-invalid-base64 2012-12-13 10:07:23.733544561 -0500
38 @@ -0,0 +1,21 @@
39 +#! /bin/sh
40 +
41 +. ${srcdir:=.}/t.frame
42 +
43 +# make sure that we do not crash on excessively long tokens
44 +# Test program by Julius Plenz, TU Berlin.
45 +perl -e '
46 +print <<EOF
47 +Content-Type: multipart/mixed;boundary="----=_20121014031204_57463"
48 +
49 +------=_20121014031204_57463
50 +Content-Type: text/plain; charset="utf-8"
51 +
52 +------=_20121014031204_57463
53 +Content-Transfer-Encoding: base64
54 +
55 +EOF
56 +;
57 +print(("vfvfvfvfvfvfvfvfvfvfvfvfvfvfvfvfvfvfvfvfvfvfvfvfvfvfvfvfvfvfvfvfvfvfvfvfvfvf\n")x600);
58 +print "------=_20121014031204_57463--";' \
59 +| $VAL $BOGOFILTER -p -e -C > /dev/null
  ViewVC Help
Powered by ViewVC 1.1.30