SECURITY FIX for http://secunia.com/advisories/30742/

(Fetchmail Large Header Processing Denial of Service) Patch was taken from upstream advisory. http://www.fetchmail.info/fetchmail-SA-2008-01.txt ok bernd@ (MAINTAINER)
2008-08-19 22:41:24 +00:00 · 2008-08-19 22:41:24 +00:00 · e073be6eab
commit e073be6eab
parent feca2d2e32
2 changed files with 63 additions and 2 deletions
--- a/mail/fetchmail/Makefile
+++ b/mail/fetchmail/Makefile
@ -1,9 +1,9 @@
-# $OpenBSD: Makefile,v 1.112 2007/09/16 00:17:04 merdely Exp $
+# $OpenBSD: Makefile,v 1.113 2008/08/19 22:41:24 jasper Exp $

 COMMENT=	mail retrieval utility for POP2, POP3, KPOP, IMAP and more

 DISTNAME=	fetchmail-6.3.8
-PKGNAME=	${DISTNAME}p0
+PKGNAME=	${DISTNAME}p1
 CATEGORIES=	mail
 MASTER_SITES=	${MASTER_SITE_BERLIOS:=fetchmail/}

--- a/mail/fetchmail/patches/patch-report_c
+++ b/mail/fetchmail/patches/patch-report_c
@ -0,0 +1,61 @@
+$OpenBSD: patch-report_c,v 1.1 2008/08/19 22:41:24 jasper Exp $
+
+Fix for http://secunia.com/advisories/30742/
+(Fetchmail Large Header Processing Denial of Service)
+
+Patch was taken from upstream advisory.
+http://www.fetchmail.info/fetchmail-SA-2008-01.txt
+
+--- report.c.orig	Mon Aug  4 11:50:43 2008
+++ report.c	Mon Aug  4 11:53:49 2008
+@@ -238,12 +238,18 @@ report_build (FILE *errfp, message, va_alist)
+     rep_ensuresize();
+ 
+ #if defined(VA_START)
+-    VA_START (args, message);
+     for ( ; ; )
+     {
+	/*
+	 * args has to be initialized before every call of vsnprintf(), 
+	 * because vsnprintf() invokes va_arg macro and thus args is 
+	 * undefined after the call.
+	 */
+	VA_START(args, message);
+ 	n = vsnprintf (partial_message + partial_message_size_used, partial_message_size - partial_message_size_used,
+ 		       message, args);
+ 
+	va_end (args);
+ 	if (n >= 0
+ 	    && (unsigned)n < partial_message_size - partial_message_size_used)
+         {
+@@ -254,7 +260,6 @@ report_build (FILE *errfp, message, va_alist)
+ 	partial_message_size += 2048;
+ 	partial_message = REALLOC (partial_message, partial_message_size);
+     }
+-    va_end (args);
+ #else
+     for ( ; ; )
+     {
+@@ -304,12 +309,13 @@ report_complete (FILE *errfp, message, va_alist)
+     rep_ensuresize();
+ 
+ #if defined(VA_START)
+-    VA_START (args, message);
+     for ( ; ; )
+     {
+	VA_START (args, message);
+ 	n = vsnprintf (partial_message + partial_message_size_used,
+ 		       partial_message_size - partial_message_size_used,
+ 		       message, args);
+	va_end(args);
+ 
+ 	/* old glibc versions return -1 for truncation */
+ 	if (n >= 0
+@@ -322,7 +328,6 @@ report_complete (FILE *errfp, message, va_alist)
+ 	partial_message_size += 2048;
+ 	partial_message = REALLOC (partial_message, partial_message_size);
+     }
+-    va_end (args);
+ #else
+     for ( ; ; )
+     {