commit libesmtp for openSUSE:Factory

Source-Sync Wed, 11 Aug 2021 02:47:30 -0700

Script 'mail_helper' called by obssrc
Hello community,

here is the log from the commit of package libesmtp for openSUSE:Factory 
checked in at 2021-08-11 11:47:04
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/libesmtp (Old)
 and      /work/SRC/openSUSE:Factory/.libesmtp.new.1899 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++


Package is "libesmtp"

Wed Aug 11 11:47:04 2021 rev:22 rq:910457 version:1.0.6

Changes:
--------
--- /work/SRC/openSUSE:Factory/libesmtp/libesmtp.changes        2019-02-04 
21:17:59.295723512 +0100
+++ /work/SRC/openSUSE:Factory/.libesmtp.new.1899/libesmtp.changes      
2021-08-11 11:47:15.417743628 +0200
@@ -1,0 +2,6 @@
+Fri Aug  6 09:16:53 UTC 2021 - Yifan Jiang <yfji...@suse.com>
+
+- Add libesmtp-fix-cve-2019-19977.patch: Fix stack-based buffer
+  over-read in ntlm/ntlmstruct.c (bsc#1160462 bsc#1189097).
+
+-------------------------------------------------------------------

New:
----
  libesmtp-fix-cve-2019-19977.patch

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Other differences:
------------------
++++++ libesmtp.spec ++++++
--- /var/tmp/diff_new_pack.CsLclN/_old  2021-08-11 11:47:16.421742420 +0200
+++ /var/tmp/diff_new_pack.CsLclN/_new  2021-08-11 11:47:16.421742420 +0200
@@ -32,6 +32,8 @@
 # PATCH-FIX-UPSTREAM libesmtp-tlsv12.patch crrodrig...@opensuse.org -- All TLS 
clients must support and use the highest TLS version available
 Patch2:         libesmtp-tlsv12.patch
 Patch3:         libesmtp-openssl11.patch
+# PATCH-FIX-UPSTREAM libesmtp-fix-cve-2019-19977.patch yfji...@suse.com 
bsc#1189097 bsc#1160462 - Fix stack-based buffer over-read in ntlm/ntlmstruct.c.
+Patch4:         libesmtp-fix-cve-2019-19977.patch
 BuildRequires:  openssl-devel
 BuildRequires:  libtool
 BuildRoot:      %{_tmppath}/%{name}-%{version}-build
@@ -71,6 +73,7 @@
 %patch1
 %patch2 -p1
 %patch3 -p1
+%patch4 -p1
 
 %build
 autoreconf -fiv

++++++ libesmtp-fix-cve-2019-19977.patch ++++++
>From 8c85278d28ff4da32106714a1420371fe37ef349 Mon Sep 17 00:00:00 2001
From: Brian Stafford <cont...@brianstafford.info>
Date: Mon, 24 Aug 2020 16:11:13 +0100
Subject: [PATCH] CVE-2019-19977 avoid stach overrwrite #6

---
 ntlm/ntlm.h       |  2 +-
 ntlm/ntlmdes.c    |  9 ++++--
 ntlm/ntlmstruct.c | 76 ++++++++++++++---------------------------------
 3 files changed, 30 insertions(+), 57 deletions(-)

Index: libesmtp-1.0.6/ntlm/ntlm.h
===================================================================
--- libesmtp-1.0.6.orig/ntlm/ntlm.h
+++ libesmtp-1.0.6/ntlm/ntlm.h
@@ -24,7 +24,7 @@
  *  Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
  */
 
-char *lm_uccpy (char *dst, size_t dstlen, const char *src);
+int lm_uccpy (char *dst, size_t dstlen, const char *src);
 unsigned char *nt_unicode (const char *string, size_t len);
 
 void lm_hash_password (unsigned char *hash, const char *pass);
Index: libesmtp-1.0.6/ntlm/ntlmdes.c
===================================================================
--- libesmtp-1.0.6.orig/ntlm/ntlmdes.c
+++ libesmtp-1.0.6/ntlm/ntlmdes.c
@@ -66,19 +66,19 @@ lm_deshash (void *result, const_des_cblo
 
 /* Copy and convert to upper case.  If supplied string is shorter than the
    destination, zero pad the remainder. */
-char *
+int
 lm_uccpy (char *dst, size_t dstlen, const char *src)
 {
   char *p;
   size_t len;
 
-  if ((len = strlen (src)) > dstlen)
+  if ((len = src != NULL ? strlen (src) : 0) > dstlen)
     len = dstlen;
   for (p = dst; len > 0; p++, src++, len--)
     *p = toupper (*src);
   if (p < dst + dstlen)
     memset (p, 0, dst + dstlen - p);
-  return dst;
+  return len;
 }
 
 /* create LanManager hashed password */
@@ -101,6 +101,9 @@ nt_unicode (const char *string, size_t l
 {
   unsigned char *uni, *pp;
 
+  if (len == 0)
+    return NULL;
+
   uni = malloc (len * 2);
   if ((pp = uni) != NULL)
     while (len-- > 0)
Index: libesmtp-1.0.6/ntlm/ntlmstruct.c
===================================================================
--- libesmtp-1.0.6.orig/ntlm/ntlmstruct.c
+++ libesmtp-1.0.6/ntlm/ntlmstruct.c
@@ -187,7 +187,6 @@ ntlm_build_type_1 (char *buf, size_t buf
 {
   size_t offset = T1SIZE;
   size_t len;
-  unsigned char *up;
   char string[256];
 
   if (buflen < offset)
@@ -195,25 +194,13 @@ ntlm_build_type_1 (char *buf, size_t buf
   memcpy (buf, NTLMSSP, 8);
   write_uint32 (buf, MSGTYPE, 1);
   write_uint32 (buf, T1FLAGS, flags);
-  up = NULL;
-  len = 0;
-  if (domain != NULL)
-    {
-      len = strlen (domain);
-      if (offset + len > buflen)
-       return 0;
-      lm_uccpy (string, len, domain);
-    }
+  len = lm_uccpy (string, sizeof string, domain);
+  if (offset + len > buflen)
+    return 0;
   write_string (buf, T1DOMAIN, &offset, string, len);
-  up = NULL;
-  len = 0;
-  if (workstation != NULL)
-    {
-      len = strlen (workstation);
-      if (offset + len > buflen)
-       return 0;
-      lm_uccpy (string, len, workstation);
-    }
+  len = lm_uccpy (string, sizeof string, workstation);
+  if (offset + len > buflen)
+    return 0;
   write_string (buf, T1WKSTN, &offset, string, len);
   return offset;
 }
@@ -232,16 +219,11 @@ ntlm_build_type_2 (char *buf, size_t buf
     return 0;
   memcpy (buf, NTLMSSP, 8);
   write_uint32 (buf, MSGTYPE, 2);
-  up = NULL;
-  len = 0;
-  if (domain != NULL)
-    {
-      len = strlen (domain);
-      if (offset + 2 * len > buflen)
-       return 0;
-      up = nt_unicode (lm_uccpy (string, len, domain), 2 * len);
-    }
-  write_string (buf, T2AUTHTARGET, &offset, up, len);
+  len = lm_uccpy (string, sizeof string, domain);
+  if (offset + 2 * len > buflen)
+    return 0;
+  up = nt_unicode (string, len);
+  write_string (buf, T2AUTHTARGET, &offset, up, 2 * len);
   if (up != NULL)
     free (up);
   write_uint32 (buf, T2FLAGS, flags);
@@ -267,39 +249,24 @@ ntlm_build_type_3 (char *buf, size_t buf
   write_uint32 (buf, MSGTYPE, 3);
   write_string (buf, T3LMRESPONSE, &offset, lm_resp, 24);
   write_string (buf, T3NTRESPONSE, &offset, nt_resp, 24);
-  up = NULL;
-  len = 0;
-  if (domain != NULL)
-    {
-      len = strlen (domain);
-      if (offset + 2 * len > buflen)
-       return 0;
-      up = nt_unicode (lm_uccpy (string, len, domain), 2 * len);
-    }
+  len = lm_uccpy (string, sizeof string, domain);
+  if (offset + 2 * len > buflen)
+    return 0;
+  up = nt_unicode (string, len);
   write_string (buf, T3DOMAIN, &offset, up, 2 * len);
   if (up != NULL)
     free (up);
-  up = NULL;
-  len = 0;
-  if (user != NULL)
-    {
-      len = strlen (user);
-      if (offset + 2 * len > buflen)
-       return 0;
-      up = nt_unicode (lm_uccpy (string, len, user), 2 * len);
-    }
+  len = lm_uccpy (string, sizeof string, user);
+  if (offset + 2 * len > buflen)
+    return 0;
+  up = nt_unicode (string, len);
   write_string (buf, T3USER, &offset, up, 2 * len);
   if (up != NULL)
     free (up);
-  up = NULL;
-  len = 0;
-  if (workstation != NULL)
-    {
-      len = strlen (workstation);
-      if (offset + 2 * len > buflen)
-       return 0;
-      up = nt_unicode (lm_uccpy (string, len, workstation), 2 * len);
-    }
+  len = lm_uccpy (string, sizeof string, workstation);
+  if (offset + 2 * len > buflen)
+    return 0;
+  up = nt_unicode (string, len);
   write_string (buf, T3WKSTN, &offset, up, 2 * len);
   if (up != NULL)
     free (up);

commit libesmtp for openSUSE:Factory

Reply via email to