SECURITY: roll in a distribution patch which fixes CVE-2007-4565

Reference: http://securitytracker.com/alerts/2007/Aug/1018627.html

ok bernd@
rui 2007-08-31 14:20:46 +00:00
parent bd57145fa8
commit 1dd81a5ac2
2 changed files with 14 additions and 1 deletions


@ -1,8 +1,9 @@
# $OpenBSD: Makefile,v 1.110 2007/04/13 13:22:25 bernd Exp $
# $OpenBSD: Makefile,v 1.111 2007/08/31 14:20:46 rui Exp $
COMMENT= "mail retrieval utility for POP2, POP3, KPOP, IMAP and more"
DISTNAME= fetchmail-6.3.8
PKGNAME= ${DISTNAME}p0
CATEGORIES= mail
MASTER_SITES= ${MASTER_SITE_BERLIOS:=fetchmail/}


@ -0,0 +1,12 @@
$OpenBSD: patch-sink_c,v 1.1 2007/08/31 14:20:46 rui Exp $
--- sink.c.orig Fri Aug 31 14:24:34 2007
+++ sink.c Fri Aug 31 14:25:15 2007
@@ -262,7 +262,7 @@ static int send_bouncemail(struct query *ctl, struct m
const char *md1 = "MAILER-DAEMON", *md2 = "MAILER-DAEMON@";
/* don't bounce in reply to undeliverable bounces */
- if (!msg->return_path[0] ||
+ if (!msg || !msg->return_path[0] ||
strcmp(msg->return_path, "<>") == 0 ||
strcasecmp(msg->return_path, md1) == 0 ||
strncasecmp(msg->return_path, md2, strlen(md2)) == 0)
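Review bot: The added `!msg ||` test in send_bouncemail is the entire security fix, but nothing in the patched condition says that msg can be NULL, and the comment above it still reads only "don't bounce in reply to undeliverable bounces". Because `||` short-circuits, the guard protects the `msg->return_path` dereferences that follow only while it stays first in the condition, so that ordering should be stated. I would extend the comment to something like `/* msg may be NULL (CVE-2007-4565): test it first, then skip bounces to undeliverable bounces */`. I would also add a line under the `$OpenBSD$` tag of the patch file naming it as the distribution fix for CVE-2007-4565, so it is clear when the patch can be dropped once the port moves past 6.3.8. The body of the `if` and the rest of the function lie outside the hunk, so what the NULL path does (presumably an early return) should be confirmed there.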