diff options
author | sana kazi <sanakazisk19@gmail.com> | 2021-12-03 17:59:08 +0530 |
---|---|---|
committer | Armin Kuster <akuster808@gmail.com> | 2021-12-03 12:23:38 -0800 |
commit | 7804c8e5bd2975c9829e1667ab1954373a3ede48 (patch) | |
tree | a7535428a721fe86c03c5e274a52f6f4850ea27f | |
parent | 00ad99f4f9a06d66bd5686d2b1dd07c578c8dc2a (diff) | |
download | meta-openembedded-7804c8e5bd2975c9829e1667ab1954373a3ede48.tar.gz |
dovecot: Fix CVE-2020-12673
Added patch for CVE-2020-12673
Link: http://archive.ubuntu.com/ubuntu/pool/main/d/dovecot/dovecot_2.2.33.2-1ubuntu4.7.debian.tar.xz
Signed-off-by: Sana Kazi <Sana.Kazi@kpit.com>
Signed-off-by: Sana Kazi <sanakazisk19@gmail.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
-rw-r--r-- | meta-networking/recipes-support/dovecot/dovecot/0002-lib-ntlm-Check-buffer-length-on-responses.patch | 37 | ||||
-rw-r--r-- | meta-networking/recipes-support/dovecot/dovecot_2.2.36.4.bb | 1 |
2 files changed, 38 insertions, 0 deletions
diff --git a/meta-networking/recipes-support/dovecot/dovecot/0002-lib-ntlm-Check-buffer-length-on-responses.patch b/meta-networking/recipes-support/dovecot/dovecot/0002-lib-ntlm-Check-buffer-length-on-responses.patch new file mode 100644 index 0000000000..81aead8aad --- /dev/null +++ b/meta-networking/recipes-support/dovecot/dovecot/0002-lib-ntlm-Check-buffer-length-on-responses.patch @@ -0,0 +1,37 @@ +Backport of: + +From 1c6405d3026e5ceae3d214d63945bba85251af4c Mon Sep 17 00:00:00 2001 +From: Aki Tuomi <aki.tuomi@open-xchange.com> +Date: Mon, 18 May 2020 12:33:39 +0300 +Subject: [PATCH 2/3] lib-ntlm: Check buffer length on responses + +Add missing check for buffer length. + +If this is not checked, it is possible to send message which +causes read past buffer bug. + +Broken in c7480644202e5451fbed448508ea29a25cffc99c +--- + src/lib-ntlm/ntlm-message.c | 5 +++++ + 1 file changed, 5 insertions(+) + +Signed-off-by: Sana Kazi <Sana.Kazi@kpit.com> + +CVE: CVE-2020-12673 +Upstream-Status: Backport [http://archive.ubuntu.com/ubuntu/pool/main/d/dovecot/dovecot_2.2.33.2-1ubuntu4.7.debian.tar.xz] +Comment: No change in any hunk + +--- a/src/lib-ntlm/ntlm-message.c ++++ b/src/lib-ntlm/ntlm-message.c +@@ -184,6 +184,11 @@ static int ntlmssp_check_buffer(const st + if (length == 0 && space == 0) + return 1; + ++ if (length > data_size) { ++ *error = "buffer length out of bounds"; ++ return 0; ++ } ++ + if (offset >= data_size) { + *error = "buffer offset out of bounds"; + return 0; diff --git a/meta-networking/recipes-support/dovecot/dovecot_2.2.36.4.bb b/meta-networking/recipes-support/dovecot/dovecot_2.2.36.4.bb index 407604c819..e36e51c283 100644 --- a/meta-networking/recipes-support/dovecot/dovecot_2.2.36.4.bb +++ b/meta-networking/recipes-support/dovecot/dovecot_2.2.36.4.bb @@ -24,6 +24,7 @@ SRC_URI = "http://dovecot.org/releases/2.2/dovecot-${PV}.tar.gz \ file://0012-lib-mail-Fix-handling-trailing-in-MIME-boundaries.patch \ file://0013-lib-mail-Fix-parse_too_many_nested_mime_parts.patch \ file://buffer_free_fix.patch \ + file://0002-lib-ntlm-Check-buffer-length-on-responses.patch \ " SRC_URI[md5sum] = "66c4d71858b214afee5b390ee602dee2" |