[SVN] r843 - in /trunk/cyrus-imapd-2.2.13: debian/changelog sieve/bc_eval.c sieve/script.c sieve/sieve.y

debian at incase.de debian at incase.de
Tue Sep 22 20:23:04 UTC 2009


Author: hmh
Date: Tue Sep 22 22:23:04 2009
New Revision: 843

URL: https://mail.incase.de/viewcvs?rev=843&root=cyrus22&view=rev
Log:
* Security Update: CVE-2009-3235:
  Multiple stack-based buffer overflows in the Sieve parsing code,
  patches taken from upstream CVS (closes: #547947)

Modified:
    trunk/cyrus-imapd-2.2.13/debian/changelog
    trunk/cyrus-imapd-2.2.13/sieve/bc_eval.c
    trunk/cyrus-imapd-2.2.13/sieve/script.c
    trunk/cyrus-imapd-2.2.13/sieve/sieve.y

Modified: trunk/cyrus-imapd-2.2.13/debian/changelog
URL: https://mail.incase.de/viewcvs/trunk/cyrus-imapd-2.2.13/debian/changelog?rev=843&root=cyrus22&r1=842&r2=843&view=diff
==============================================================================
--- trunk/cyrus-imapd-2.2.13/debian/changelog (original)
+++ trunk/cyrus-imapd-2.2.13/debian/changelog Tue Sep 22 22:23:04 2009
@@ -1,3 +1,11 @@
+cyrus-imapd-2.2 (2.2.13-17) unstable; urgency=high
+
+  * Security Update: CVE-2009-3235:
+    Multiple stack-based buffer overflows in the Sieve parsing code,
+    patches taken from upstream CVS (closes: #547947)
+
+ -- Henrique de Moraes Holschuh <hmh at debian.org>  Tue, 22 Sep 2009 17:17:17 -0300
+
 cyrus-imapd-2.2 (2.2.13-16) unstable; urgency=high
 
   * Justification for high urgency: Get security update from -15 into

Modified: trunk/cyrus-imapd-2.2.13/sieve/bc_eval.c
URL: https://mail.incase.de/viewcvs/trunk/cyrus-imapd-2.2.13/sieve/bc_eval.c?rev=843&root=cyrus22&r1=842&r2=843&view=diff
==============================================================================
--- trunk/cyrus-imapd-2.2.13/sieve/bc_eval.c (original)
+++ trunk/cyrus-imapd-2.2.13/sieve/bc_eval.c Tue Sep 22 22:23:04 2009
@@ -440,7 +440,7 @@
 	int comparator=ntohl(bc[i+3].value);
 	int apart=ntohl(bc[i+4].value);
 	int count=0;
-	char scount[3];
+	char scount[21];
 	int isReg = (match==B_REGEX);
 	int ctag = 0;
 	regex_t *reg;
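Review bot: The new size `21` on `scount` is a bare magic number, here and in the identical hunk at line 608, and neither hunk says what it is sized for. 21 bytes holds a 20-character decimal rendering plus the terminator, which covers any 64-bit value, so I would record that at the declaration: `char scount[21]; /* decimal digits of a 64-bit count + NUL */`. The statement that formats `count` into `scount` is outside both hunks. If it is still an unbounded `sprintf`, it should become `snprintf(scount, sizeof(scount), ...)` so the bound is enforced by the call rather than implied by the array size.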
@@ -608,7 +608,7 @@
 	int relation=ntohl(bc[i+2].value);
 	int comparator=ntohl(bc[i+3].value);
 	int count=0;	
-	char scount[3];
+	char scount[21];
 	int isReg = (match==B_REGEX);
 	int ctag = 0;
 	regex_t *reg;

Modified: trunk/cyrus-imapd-2.2.13/sieve/script.c
URL: https://mail.incase.de/viewcvs/trunk/cyrus-imapd-2.2.13/sieve/script.c?rev=843&root=cyrus22&r1=842&r2=843&view=diff
==============================================================================
--- trunk/cyrus-imapd-2.2.13/sieve/script.c (original)
+++ trunk/cyrus-imapd-2.2.13/sieve/script.c Tue Sep 22 22:23:04 2009
@@ -526,9 +526,9 @@
     if ((ret != SIEVE_OK) && interp->err) {
 	char buf[1024];
 	if (lastaction == -1) /* we never executed an action */
-	    sprintf(buf, "%s", errmsg ? errmsg : sieve_errstr(ret));
+	    snprintf(buf, sizeof(buf), "%s", errmsg ? errmsg : sieve_errstr(ret));
 	else
-	    sprintf(buf, "%s: %s", action_to_string(lastaction),
+	    snprintf(buf, sizeof(buf), "%s: %s", action_to_string(lastaction),
 		    errmsg ? errmsg : sieve_errstr(ret));
  
 	ret |= interp->execute_err(buf, interp->interp_context,
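Review bot: Both `snprintf` calls discard their return value, so an `errmsg` longer than 1023 bytes is now cut off silently before `buf` is handed to `execute_err`. Truncation is the safe outcome for `char buf[1024]`, but it should be stated where the buffer is declared, for example `char buf[1024]; /* error text is truncated to fit; execute_err sees at most 1023 bytes */`. If a clipped message matters to whoever reads the report, checking for `n >= sizeof(buf)` would be the place to log it. The enclosing function starts and ends outside the hunk.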

Modified: trunk/cyrus-imapd-2.2.13/sieve/sieve.y
URL: https://mail.incase.de/viewcvs/trunk/cyrus-imapd-2.2.13/sieve/sieve.y?rev=843&root=cyrus22&r1=842&r2=843&view=diff
==============================================================================
--- trunk/cyrus-imapd-2.2.13/sieve/sieve.y (original)
+++ trunk/cyrus-imapd-2.2.13/sieve/sieve.y Tue Sep 22 22:23:04 2009
@@ -923,7 +923,7 @@
 	else if (!strcmp(r, "ne")) {return NE;}
 	else if (!strcmp(r, "eq")) {return EQ;}
 	else{
-	  sprintf(errbuf, "flag '%s': not a valid relational operation", r);
+	  snprintf(errbuf, sizeof(errbuf), "flag '%s': not a valid relational operation", r);
 	  yyerror(errbuf);
 	  return -1;
 	}
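Review bot: `sizeof(errbuf)` bounds this write only if `errbuf` is an array whose declaration is in scope here; the declaration is outside the hunk, and if it were a `char *` the limit would silently become the pointer size. That is worth confirming against the full file. Since `r` appears to come from the script being parsed, a short comment above the call would help the next reader: `/* r is taken from the script; message is truncated to fit errbuf */`. The enclosing function begins before the hunk.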



