/[packages]/updates/1/bogofilter/current/SOURCES/bogofilter-1.2.2-CVE-2012-5468.diff
ViewVC logotype

Annotation of /updates/1/bogofilter/current/SOURCES/bogofilter-1.2.2-CVE-2012-5468.diff

Parent Directory Parent Directory | Revision Log Revision Log


Revision 338232 - (hide annotations) (download)
Thu Jan 3 16:10:04 2013 UTC (8 years, 8 months ago) by luigiwalser
File size: 2393 byte(s)
add upstream patch to fix CVE-2012-5468
1 luigiwalser 338232 diff -uNrp bogofilter-1.2.2.base64/src/iconvert.c bogofilter-1.2.2/src/iconvert.c
2     --- bogofilter-1.2.2.base64/src/iconvert.c 2010-03-14 20:08:11.000000000 -0400
3     +++ bogofilter-1.2.2/src/iconvert.c 2012-12-13 10:06:56.603529996 -0500
4     @@ -76,7 +76,7 @@ static void convert(iconv_t xd, buff_t *
5     outbuf = (char *)dst->t.u.text + dst->t.leng;
6     outbytesleft = dst->size - dst->read - dst->t.leng;
7    
8     - if (outbytesleft == 0)
9     + if (outbytesleft <= 0)
10     break;
11    
12     /*
13     @@ -141,6 +141,10 @@ static void convert(iconv_t xd, buff_t *
14     switch (err) {
15     case EILSEQ: /* invalid multibyte sequence */
16     case EINVAL: /* incomplete multibyte sequence */
17     + if(outbytesleft <= 0) {
18     + done = true;
19     + break;
20     + }
21     /* copy 1 byte (or substitute a '?') */
22     if (!replace_nonascii_characters)
23     *outbuf = *inbuf;
24     diff -uNrp bogofilter-1.2.2.base64/src/tests/Makefile.am bogofilter-1.2.2/src/tests/Makefile.am
25     --- bogofilter-1.2.2.base64/src/tests/Makefile.am 2010-07-05 07:26:36.000000000 -0400
26     +++ bogofilter-1.2.2/src/tests/Makefile.am 2012-12-13 10:07:07.893536640 -0500
27     @@ -45,6 +45,7 @@ PARSING_TESTS = \
28     t.multiple.tokens.head t.multiple.tokens.body t.multiple.tokens.min.mul \
29     $(ENCODING_TESTS) \
30     t.rfc2047_broken t.rfc2047_folded \
31     + t.crash-invalid-base64 \
32     t.message_addr t.message_id t.queue_id
33    
34     WORDLIST_TESTS = t.dump.load t.nonascii.replace t.maint t.robx t.regtest t.upgrade.subnet.prefix t.multiple.wordlists t.probe t.bf_compact
35     diff -uNrp bogofilter-1.2.2.base64/src/tests/t.crash-invalid-base64 bogofilter-1.2.2/src/tests/t.crash-invalid-base64
36     --- bogofilter-1.2.2.base64/src/tests/t.crash-invalid-base64 1969-12-31 19:00:00.000000000 -0500
37     +++ bogofilter-1.2.2/src/tests/t.crash-invalid-base64 2012-12-13 10:07:23.733544561 -0500
38     @@ -0,0 +1,21 @@
39     +#! /bin/sh
40     +
41     +. ${srcdir:=.}/t.frame
42     +
43     +# make sure that we do not crash on excessively long tokens
44     +# Test program by Julius Plenz, TU Berlin.
45     +perl -e '
46     +print <<EOF
47     +Content-Type: multipart/mixed;boundary="----=_20121014031204_57463"
48     +
49     +------=_20121014031204_57463
50     +Content-Type: text/plain; charset="utf-8"
51     +
52     +------=_20121014031204_57463
53     +Content-Transfer-Encoding: base64
54     +
55     +EOF
56     +;
57     +print(("vfvfvfvfvfvfvfvfvfvfvfvfvfvfvfvfvfvfvfvfvfvfvfvfvfvfvfvfvfvfvfvfvfvfvfvfvfvf\n")x600);
58     +print "------=_20121014031204_57463--";' \
59     +| $VAL $BOGOFILTER -p -e -C > /dev/null

  ViewVC Help
Powered by ViewVC 1.1.28