SECURITY:

Buffer overflow fix; from John Cartwright <johnc@grok.org.uk>. http://www.grok.org.uk/advisories/popclient.html
2004-08-07 18:18:20 +00:00 · 2004-08-07 18:18:20 +00:00 · bd8e8a9327
commit bd8e8a9327
parent 512d20367c
2 changed files with 14 additions and 6 deletions
--- a/mail/popclient/Makefile
+++ b/mail/popclient/Makefile
@ -1,11 +1,10 @@
-# $OpenBSD: Makefile,v 1.16 2002/12/29 15:12:31 fgsch Exp $
-# Whom:           Ejovi Nuwere <ejovi@ejovi.net>
+# $OpenBSD: Makefile,v 1.17 2004/08/07 18:18:20 naddy Exp $

 COMMENT=	"client for pop2, pop3, apop, rpop"

 DISTNAME=	popclient-3.0b6
+PKGNAME=	${DISTNAME}p0
 CATEGORIES=	mail
-#FAKE=No
 MASTER_SITES=	http://people.freebsd.org/~wosch/src/

 PERMIT_PACKAGE_CDROM=	Yes
--- a/mail/popclient/patches/patch-pop3_c
+++ b/mail/popclient/patches/patch-pop3_c
@ -1,6 +1,6 @@
-$OpenBSD: patch-pop3_c,v 1.1 2000/06/05 00:31:34 espie Exp $
--- pop3.c.orig	Mon Jun  5 02:15:41 2000
-+++ pop3.c	Mon Jun  5 02:15:42 2000
+$OpenBSD: patch-pop3_c,v 1.2 2004/08/07 18:18:20 naddy Exp $
+--- pop3.c.orig	Tue Sep 12 01:48:48 1995
+++ pop3.c	Sat Aug  7 18:33:26 2004
@@ -67,6 +67,7 @@
 
 #include  <sys/time.h>
@ -21,3 +21,12 @@ $OpenBSD: patch-pop3_c,v 1.1 2000/06/05 00:31:34 espie Exp $
     return(PS_SOCKET);
   }
 
+@@ -609,7 +613,7 @@ int topipe;
+   lines = 0;
+   sizeticker = MSGBUFSIZE;
+   while (1) {
+-    if (SockGets(socket,buf,sizeof(buf)) < 0)
+    if (SockGets(socket,buf,sizeof(buf)-1) < 0)
+       return(PS_SOCKET);
+     bufp = buf;
+     if (*bufp == '.') {