SECURITY:

Fix buffer overflow and format string vulnerabilities. From an advisory by Ulf.Harnhammar.9485@student.uu.se.
2004-02-28 20:19:48 +00:00 · 2004-02-28 20:19:48 +00:00 · a915c6adbd
commit a915c6adbd
parent 1e61150f5c
3 changed files with 69 additions and 9 deletions
--- a/mail/metamail/Makefile
+++ b/mail/metamail/Makefile
@ -1,9 +1,9 @@
-# $OpenBSD: Makefile,v 1.18 2003/04/26 14:55:32 sturm Exp $
+# $OpenBSD: Makefile,v 1.19 2004/02/28 20:19:48 naddy Exp $

 COMMENT=	"MIME implementation"

 DISTNAME=	mm2.7
-PKGNAME=	metamail-2.7
+PKGNAME=	metamail-2.7p0
 CATEGORIES=	mail

 MASTER_SITES=	ftp://thumper.bellcore.com/pub/nsb/
@ -18,7 +18,7 @@ WRKDIST=	${WRKDIR}/${DISTNAME}/src

 NO_REGRESS=	Yes

-post-patch:
+post-configure:
 	@perl -pi -e "s,%%SYSCONFDIR%%,${SYSCONFDIR}," ${WRKSRC}/config.h

 pre-install:
--- a/mail/metamail/patches/patch-metamail_metamail_c
+++ b/mail/metamail/patches/patch-metamail_metamail_c
@ -1,6 +1,6 @@
-$OpenBSD: patch-metamail_metamail_c,v 1.1 2002/02/20 21:18:02 pvalchev Exp $
--- metamail/metamail.c.orig	Wed Feb 20 14:06:43 2002
-+++ metamail/metamail.c	Wed Feb 20 14:06:43 2002
+$OpenBSD: patch-metamail_metamail_c,v 1.2 2004/02/28 20:19:48 naddy Exp $
+--- metamail/metamail.c.orig	1994-02-17 02:57:19.000000000 +0100
+++ metamail/metamail.c	2004-02-28 18:37:27.000000000 +0100
@@ -29,7 +29,7 @@ WITHOUT ANY EXPRESS OR IMPLIED WARRANTIE
 #ifdef BORLAND
 #define F_OK 0
@ -35,6 +35,36 @@ $OpenBSD: patch-metamail_metamail_c,v 1.1 2002/02/20 21:18:02 pvalchev Exp $
     tmproot = getenv("METAMAIL_TMPDIR");
     if (!tmproot) tmproot="/tmp";
     mailheaders = getenv("MM_HEADERS");
+@@ -1202,9 +1184,9 @@ char *SquirrelFile;
+     fprintf(outfp, "Content-type: %s", ContentType);
+     for (j=0; j<CParamsUsed; ++j) {
+         fprintf(outfp, " ; ");
+-        fprintf(outfp, CParams[j]);
+        fprintf(outfp, "%s", CParams[j]);
+         fprintf(outfp, " = ");
+-        fprintf(outfp, CParamValues[j]);
+        fprintf(outfp, "%s", CParamValues[j]);
+     }
+     fprintf(outfp, "\n\n"); 
+     TranslateInputToOutput(InputFP, outfp, EncodingCode, ContentType);
+@@ -2022,7 +2004,7 @@ int ShowLeadingWhitespace;
+     if (lc2strcmp(charset, PrevCharset)) {
+         char *s2, *charsetinuse;
+ 
+-        strcpy(PrevCharset, charset);
+        strlcpy(PrevCharset, charset, sizeof(PrevCharset));
+         for (s2=PrevCharset; *s2; ++s2) {
+             if (isupper((unsigned char) *s2)) *s2 = tolower((unsigned char) *s2);
+         }
+@@ -2032,7 +2014,7 @@ int ShowLeadingWhitespace;
+         }
+     }
+     if (ecode == ENCODING_NONE) {
+-        printf(txt+1);
+        printf("%s", txt+1);
+     } else {
+         /* What follows is REALLY bogus, but all my encoding stuff is pipe-oriented right now... */
+         MkTmpFileName(TmpFile);
@@ -2489,14 +2471,14 @@ char *name;
 {
 #ifdef AMIGA
--- a/mail/metamail/patches/patch-metamail_splitmail_c
+++ b/mail/metamail/patches/patch-metamail_splitmail_c
@ -1,6 +1,6 @@
-$OpenBSD: patch-metamail_splitmail_c,v 1.1 2002/02/20 21:18:02 pvalchev Exp $
--- metamail/splitmail.c.orig	Mon Jan 31 15:23:14 1994
-+++ metamail/splitmail.c	Wed Feb 20 14:06:43 2002
+$OpenBSD: patch-metamail_splitmail_c,v 1.2 2004/02/28 20:19:48 naddy Exp $
+--- metamail/splitmail.c.orig	1994-01-31 23:23:14.000000000 +0100
+++ metamail/splitmail.c	2004-02-28 19:01:14.000000000 +0100
@@ -41,8 +41,8 @@ extern char *malloc(), *index(), *getmyn
 #define VERBOSEDELIVERYCMD VerboseDeliveryCmd
 #else
@ -12,3 +12,33 @@ $OpenBSD: patch-metamail_splitmail_c,v 1.1 2002/02/20 21:18:02 pvalchev Exp $
 #endif
 
 usageexit() {
+@@ -194,7 +194,7 @@ char **argv;
+ 	s = endofheader(from);  /* would be index(from, '\n'),
+ 				 but need to check for continuation lines */
+         *s = '\0';
+-	if (ShareThisHeader(from, SubjectBuf, &OrigID)) {
+	if (ShareThisHeader(from, SubjectBuf, sizeof(SubjectBuf), &OrigID)) {
+ 	    strcat(SharedHeaders, from);
+ 	    strcat(SharedHeaders, "\n");
+ 	}
+@@ -339,9 +339,10 @@ static char *SharedHeads[] = {
+     NULL
+ };
+ 
+-ShareThisHeader(s, SubjectBuf, OrigID)
+ShareThisHeader(s, SubjectBuf, size, OrigID)
+ char *s;
+ char *SubjectBuf;
+size_t size;
+ char **OrigID;
+ {
+     int i;
+@@ -361,7 +362,7 @@ char **OrigID;
+     }
+     if (!ULstrcmp(s, "subject")) {
+         *colon = ':';
+-        strcpy(SubjectBuf, ++colon);
+        strlcpy(SubjectBuf, ++colon, size);
+         return(0);
+     }
+     if (!ULstrcmp(s, "content-type")) {