SECURITY:
Fix buffer overflow and format string vulnerabilities. From an advisory by Ulf.Harnhammar.9485@student.uu.se.
This commit is contained in:
naddy
parent
1e61150f5c
commit
a915c6adbd
@ -1,9 +1,9 @@
|
|||||||
# $OpenBSD: Makefile,v 1.18 2003/04/26 14:55:32 sturm Exp $
|
# $OpenBSD: Makefile,v 1.19 2004/02/28 20:19:48 naddy Exp $
|
||||||
|
|
||||||
COMMENT= "MIME implementation"
|
COMMENT= "MIME implementation"
|
||||||
|
|
||||||
DISTNAME= mm2.7
|
DISTNAME= mm2.7
|
||||||
PKGNAME= metamail-2.7
|
PKGNAME= metamail-2.7p0
|
||||||
CATEGORIES= mail
|
CATEGORIES= mail
|
||||||
|
|
||||||
MASTER_SITES= ftp://thumper.bellcore.com/pub/nsb/
|
MASTER_SITES= ftp://thumper.bellcore.com/pub/nsb/
|
||||||
@ -18,7 +18,7 @@ WRKDIST= ${WRKDIR}/${DISTNAME}/src
|
|||||||
|
|
||||||
NO_REGRESS= Yes
|
NO_REGRESS= Yes
|
||||||
|
|
||||||
post-patch:
|
post-configure:
|
||||||
@perl -pi -e "s,%%SYSCONFDIR%%,${SYSCONFDIR}," ${WRKSRC}/config.h
|
@perl -pi -e "s,%%SYSCONFDIR%%,${SYSCONFDIR}," ${WRKSRC}/config.h
|
||||||
|
|
||||||
pre-install:
|
pre-install:
|
||||||
|
|||||||
@ -1,6 +1,6 @@
|
|||||||
$OpenBSD: patch-metamail_metamail_c,v 1.1 2002/02/20 21:18:02 pvalchev Exp $
|
$OpenBSD: patch-metamail_metamail_c,v 1.2 2004/02/28 20:19:48 naddy Exp $
|
||||||
--- metamail/metamail.c.orig Wed Feb 20 14:06:43 2002
|
--- metamail/metamail.c.orig 1994-02-17 02:57:19.000000000 +0100
|
||||||
+++ metamail/metamail.c Wed Feb 20 14:06:43 2002
|
+++ metamail/metamail.c 2004-02-28 18:37:27.000000000 +0100
|
||||||
@@ -29,7 +29,7 @@ WITHOUT ANY EXPRESS OR IMPLIED WARRANTIE
|
@@ -29,7 +29,7 @@ WITHOUT ANY EXPRESS OR IMPLIED WARRANTIE
|
||||||
#ifdef BORLAND
|
#ifdef BORLAND
|
||||||
#define F_OK 0
|
#define F_OK 0
|
||||||
@ -35,6 +35,36 @@ $OpenBSD: patch-metamail_metamail_c,v 1.1 2002/02/20 21:18:02 pvalchev Exp $
|
|||||||
tmproot = getenv("METAMAIL_TMPDIR");
|
tmproot = getenv("METAMAIL_TMPDIR");
|
||||||
if (!tmproot) tmproot="/tmp";
|
if (!tmproot) tmproot="/tmp";
|
||||||
mailheaders = getenv("MM_HEADERS");
|
mailheaders = getenv("MM_HEADERS");
|
||||||
|
@@ -1202,9 +1184,9 @@ char *SquirrelFile;
|
||||||
|
fprintf(outfp, "Content-type: %s", ContentType);
|
||||||
|
for (j=0; j<CParamsUsed; ++j) {
|
||||||
|
fprintf(outfp, " ; ");
|
||||||
|
- fprintf(outfp, CParams[j]);
|
||||||
|
+ fprintf(outfp, "%s", CParams[j]);
|
||||||
|
fprintf(outfp, " = ");
|
||||||
|
- fprintf(outfp, CParamValues[j]);
|
||||||
|
+ fprintf(outfp, "%s", CParamValues[j]);
|
||||||
|
}
|
||||||
|
fprintf(outfp, "\n\n");
|
||||||
|
TranslateInputToOutput(InputFP, outfp, EncodingCode, ContentType);
|
||||||
|
@@ -2022,7 +2004,7 @@ int ShowLeadingWhitespace;
|
||||||
|
if (lc2strcmp(charset, PrevCharset)) {
|
||||||
|
char *s2, *charsetinuse;
|
||||||
|
|
||||||
|
- strcpy(PrevCharset, charset);
|
||||||
|
+ strlcpy(PrevCharset, charset, sizeof(PrevCharset));
|
||||||
|
for (s2=PrevCharset; *s2; ++s2) {
|
||||||
|
if (isupper((unsigned char) *s2)) *s2 = tolower((unsigned char) *s2);
|
||||||
|
}
|
||||||
|
@@ -2032,7 +2014,7 @@ int ShowLeadingWhitespace;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
if (ecode == ENCODING_NONE) {
|
||||||
|
- printf(txt+1);
|
||||||
|
+ printf("%s", txt+1);
|
||||||
|
} else {
|
||||||
|
/* What follows is REALLY bogus, but all my encoding stuff is pipe-oriented right now... */
|
||||||
|
MkTmpFileName(TmpFile);
|
||||||
@@ -2489,14 +2471,14 @@ char *name;
|
@@ -2489,14 +2471,14 @@ char *name;
|
||||||
{
|
{
|
||||||
#ifdef AMIGA
|
#ifdef AMIGA
|
||||||
|
|||||||
@ -1,6 +1,6 @@
|
|||||||
$OpenBSD: patch-metamail_splitmail_c,v 1.1 2002/02/20 21:18:02 pvalchev Exp $
|
$OpenBSD: patch-metamail_splitmail_c,v 1.2 2004/02/28 20:19:48 naddy Exp $
|
||||||
--- metamail/splitmail.c.orig Mon Jan 31 15:23:14 1994
|
--- metamail/splitmail.c.orig 1994-01-31 23:23:14.000000000 +0100
|
||||||
+++ metamail/splitmail.c Wed Feb 20 14:06:43 2002
|
+++ metamail/splitmail.c 2004-02-28 19:01:14.000000000 +0100
|
||||||
@@ -41,8 +41,8 @@ extern char *malloc(), *index(), *getmyn
|
@@ -41,8 +41,8 @@ extern char *malloc(), *index(), *getmyn
|
||||||
#define VERBOSEDELIVERYCMD VerboseDeliveryCmd
|
#define VERBOSEDELIVERYCMD VerboseDeliveryCmd
|
||||||
#else
|
#else
|
||||||
@ -12,3 +12,33 @@ $OpenBSD: patch-metamail_splitmail_c,v 1.1 2002/02/20 21:18:02 pvalchev Exp $
|
|||||||
#endif
|
#endif
|
||||||
|
|
||||||
usageexit() {
|
usageexit() {
|
||||||
|
@@ -194,7 +194,7 @@ char **argv;
|
||||||
|
s = endofheader(from); /* would be index(from, '\n'),
|
||||||
|
but need to check for continuation lines */
|
||||||
|
*s = '\0';
|
||||||
|
- if (ShareThisHeader(from, SubjectBuf, &OrigID)) {
|
||||||
|
+ if (ShareThisHeader(from, SubjectBuf, sizeof(SubjectBuf), &OrigID)) {
|
||||||
|
strcat(SharedHeaders, from);
|
||||||
|
strcat(SharedHeaders, "\n");
|
||||||
|
}
|
||||||
|
@@ -339,9 +339,10 @@ static char *SharedHeads[] = {
|
||||||
|
NULL
|
||||||
|
};
|
||||||
|
|
||||||
|
-ShareThisHeader(s, SubjectBuf, OrigID)
|
||||||
|
+ShareThisHeader(s, SubjectBuf, size, OrigID)
|
||||||
|
char *s;
|
||||||
|
char *SubjectBuf;
|
||||||
|
+size_t size;
|
||||||
|
char **OrigID;
|
||||||
|
{
|
||||||
|
int i;
|
||||||
|
@@ -361,7 +362,7 @@ char **OrigID;
|
||||||
|
}
|
||||||
|
if (!ULstrcmp(s, "subject")) {
|
||||||
|
*colon = ':';
|
||||||
|
- strcpy(SubjectBuf, ++colon);
|
||||||
|
+ strlcpy(SubjectBuf, ++colon, size);
|
||||||
|
return(0);
|
||||||
|
}
|
||||||
|
if (!ULstrcmp(s, "content-type")) {
|
||||||
|
|||||||
Loading…
Reference in New Issue
Block a user