[Pkg-cyrus-sasl2-commits] r310 - in /cyrus-sasl-2.1/trunk/debian: changelog patches/0018_auth_rimap_quotes.dpatch patches/00list
fabbe at users.alioth.debian.org
Fri Feb 15 12:17:40 UTC 2008
Author: fabbe
Date: Fri Feb 15 12:17:40 2008
New Revision: 310
URL: http://svn.debian.org/wsvn/pkg-cyrus-sasl2/?sc=1&rev=310
Log:
Add upstream fix for potential DoS attack through infinite loop.
Added:
cyrus-sasl-2.1/trunk/debian/patches/0018_auth_rimap_quotes.dpatch (with props)
Modified:
cyrus-sasl-2.1/trunk/debian/changelog
cyrus-sasl-2.1/trunk/debian/patches/00list
Modified: cyrus-sasl-2.1/trunk/debian/changelog
URL: http://svn.debian.org/wsvn/pkg-cyrus-sasl2/cyrus-sasl-2.1/trunk/debian/changelog?rev=310&op=diff
==============================================================================
--- cyrus-sasl-2.1/trunk/debian/changelog (original)
+++ cyrus-sasl-2.1/trunk/debian/changelog Fri Feb 15 12:17:40 2008
@@ -5,11 +5,13 @@
[ Fabian Fagerholm ]
* debian/control: We conform to 3.7.3.0 of the Debian policy.
* debian/control: Change Vcs-Browser to point to human-readable interface.
+ * debian/patches/0018_auth_rimap_quotes.dpatch: Upstream fix for potential
+ DoS attack through infinite loop.
[ Roberto C. Sanchez ]
* Add Swedish translation (Closes: #460496)
- -- Fabian Fagerholm <fabbe at debian.org> Wed, 13 Feb 2008 12:13:45 +0200
+ -- Fabian Fagerholm <fabbe at debian.org> Fri, 15 Feb 2008 14:14:40 +0200
cyrus-sasl2 (2.1.22.dfsg1-17) unstable; urgency=low
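Review bot: The new changelog entry describes only the infinite-loop fix, but the dpatch it refers to also changes two `memset(qpass, 0, strlen(qlogin));` calls in saslauthd/auth_rimap.c to use `strlen(qpass)`. Suggest mentioning both changes and the affected file, and saying that the trigger is a double quote in the username or password (as the patch's DP line does), so that someone reading the changelog alone can tell what was fixed.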
Added: cyrus-sasl-2.1/trunk/debian/patches/0018_auth_rimap_quotes.dpatch
URL: http://svn.debian.org/wsvn/pkg-cyrus-sasl2/cyrus-sasl-2.1/trunk/debian/patches/0018_auth_rimap_quotes.dpatch?rev=310&op=file
==============================================================================
--- cyrus-sasl-2.1/trunk/debian/patches/0018_auth_rimap_quotes.dpatch (added)
+++ cyrus-sasl-2.1/trunk/debian/patches/0018_auth_rimap_quotes.dpatch Fri Feb 15 12:17:40 2008
@@ -1,0 +1,37 @@
+#! /bin/sh /usr/share/dpatch/dpatch-run
+## 0016_auth_rimap_quotes.dpatch by <fabbe at debian.org>
+##
+## All lines beginning with `## DP:' are a description of the patch.
+## DP: Avoid infinite loop when username/password has a double quote character.
+## DP: Upstream change: https://bugzilla.andrew.cmu.edu/cgi-bin/cvsweb.cgi/src/sasl/saslauthd/auth_rimap.c.diff?r1=1.12;r2=1.13
+
+ at DPATCH@
+diff -urNad etch~/saslauthd/auth_rimap.c etch/saslauthd/auth_rimap.c
+--- etch~/saslauthd/auth_rimap.c 2007-03-29 15:16:20.000000000 +0300
++++ etch/saslauthd/auth_rimap.c 2008-02-13 13:42:53.000000000 +0200
+@@ -162,6 +162,7 @@
+ num_quotes = 0;
+ p1 = s;
+ while ((p1 = strchr(p1, '"')) != NULL) {
++ p1++;
+ num_quotes++;
+ }
+
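Review bot: The dpatch header comment names the file `0016_auth_rimap_quotes.dpatch`, but it is added as `0018_auth_rimap_quotes.dpatch` and listed as `0018_auth_rimap_quotes` in 00list, while 0016 is already `0016_pid_file_lock_creation_mask`. Suggest correcting the header to 0018. The loop change itself looks right: without `p1++` the next `strchr(p1, '"')` starts at the quote it just found and returns the same pointer again, so the loop never ends once one quote is present.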
+@@ -438,7 +439,7 @@
+ syslog(LOG_WARNING, "auth_rimap: writev: %m");
+ memset(qlogin, 0, strlen(qlogin));
+ free(qlogin);
+- memset(qpass, 0, strlen(qlogin));
++ memset(qpass, 0, strlen(qpass));
+ free(qpass);
+ (void)close(s);
+ return strdup(RESP_IERROR);
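Review bot: The removed line `memset(qpass, 0, strlen(qlogin));` sits after `free(qlogin);`, so it was reading freed memory as well as using the wrong length, which could either write zeros past the end of `qpass` or leave part of the password uncleared. The DP description only mentions the infinite loop; suggest adding a DP line for this fix, since it is a separate memory-safety correction in the error path after the failed `writev`.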
+@@ -447,7 +448,7 @@
+ /* don't need these any longer */
+ memset(qlogin, 0, strlen(qlogin));
+ free(qlogin);
+- memset(qpass, 0, strlen(qlogin));
++ memset(qpass, 0, strlen(qpass));
+ free(qpass);
+
+ /* read and parse the LOGIN response */
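Review bot: The same wipe-and-free sequence for `qlogin` and `qpass` appears here and in the error path of the previous hunk, and both copies carried the identical `strlen(qlogin)` mistake. Suggest proposing upstream a small helper that clears and frees one buffer using that buffer's own length, called from both places, so the two paths cannot drift apart again.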
Propchange: cyrus-sasl-2.1/trunk/debian/patches/0018_auth_rimap_quotes.dpatch
------------------------------------------------------------------------------
svn:executable = *
Modified: cyrus-sasl-2.1/trunk/debian/patches/00list
URL: http://svn.debian.org/wsvn/pkg-cyrus-sasl2/cyrus-sasl-2.1/trunk/debian/patches/00list?rev=310&op=diff
==============================================================================
--- cyrus-sasl-2.1/trunk/debian/patches/00list (original)
+++ cyrus-sasl-2.1/trunk/debian/patches/00list Fri Feb 15 12:17:40 2008
@@ -15,3 +15,4 @@
0015_saslutil_decode64_fix
0016_pid_file_lock_creation_mask
0017_db4.6
+0018_auth_rimap_quotes