CaROS/meta-openembedded
3
1
Fork 0
mirror of git://git.openembedded.org/meta-openembedded synced 2026-01-01 13:58:06 +00:00
Code Issues Packages Projects Releases Wiki Activity

dovecot: Fix CVE-2020-12673

Browse Source 
Added patch for CVE-2020-12673

Link: http://archive.ubuntu.com/ubuntu/pool/main/d/dovecot/dovecot_2.2.33.2-1ubuntu4.7.debian.tar.xz

Signed-off-by: Sana Kazi <Sana.Kazi@kpit.com>
Signed-off-by: Sana Kazi <sanakazisk19@gmail.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
This commit is contained in:
sana kazi 2021-12-03 17:59:08 +05:30 committed by Armin Kuster
parent 00ad99f4f9
commit 7804c8e5bd
2 changed files with 38 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

37
meta-networking/recipes-support/dovecot/dovecot/0002-lib-ntlm-Check-buffer-length-on-responses.patch Normal file
View File

@ -0,0 +1,37 @@
Backport of:
From 1c6405d3026e5ceae3d214d63945bba85251af4c Mon Sep 17 00:00:00 2001
From: Aki Tuomi <aki.tuomi@open-xchange.com>
Date: Mon, 18 May 2020 12:33:39 +0300
Subject: [PATCH 2/3] lib-ntlm: Check buffer length on responses
Add missing check for buffer length.
If this is not checked, it is possible to send message which
causes read past buffer bug.
Broken in c7480644202e5451fbed448508ea29a25cffc99c
---
src/lib-ntlm/ntlm-message.c | 5 +++++
1 file changed, 5 insertions(+)
Signed-off-by: Sana Kazi <Sana.Kazi@kpit.com>
CVE: CVE-2020-12673
Upstream-Status: Backport [http://archive.ubuntu.com/ubuntu/pool/main/d/dovecot/dovecot_2.2.33.2-1ubuntu4.7.debian.tar.xz]
Comment: No change in any hunk
--- a/src/lib-ntlm/ntlm-message.c
+++ b/src/lib-ntlm/ntlm-message.c
@@ -184,6 +184,11 @@ static int ntlmssp_check_buffer(const st
if (length == 0 && space == 0)
return 1;
+ if (length > data_size) {
+ *error = "buffer length out of bounds";
+ return 0;
+ }
+
if (offset >= data_size) {
*error = "buffer offset out of bounds";
return 0;

1
meta-networking/recipes-support/dovecot/dovecot_2.2.36.4.bb
View File

@ -24,6 +24,7 @@ SRC_URI = "http://dovecot.org/releases/2.2/dovecot-${PV}.tar.gz \
file://0012-lib-mail-Fix-handling-trailing-in-MIME-boundaries.patch \
file://0013-lib-mail-Fix-parse_too_many_nested_mime_parts.patch \
file://buffer_free_fix.patch \
file://0002-lib-ntlm-Check-buffer-length-on-responses.patch \
"
SRC_URI[md5sum] = "66c4d71858b214afee5b390ee602dee2"