Hi,

I would like to fix CVE-2017-16844 for procmail.

ok?

bluhm

Index: mail/procmail/Makefile
===================================================================
RCS file: /data/mirror/openbsd/cvs/ports/mail/procmail/Makefile,v
retrieving revision 1.42
diff -u -p -r1.42 Makefile
--- mail/procmail/Makefile      7 Jun 2017 02:17:01 -0000       1.42
+++ mail/procmail/Makefile      29 Nov 2017 16:44:11 -0000
@@ -4,7 +4,7 @@ COMMENT=        filtering local mail delivery a
 
 DISTNAME=      procmail-3.22
 CATEGORIES=    mail
-REVISION=      7
+REVISION=      8
 
 MASTER_SITES=  ${HOMEPAGE} \
                http://mirror.switch.ch/ftp/mirror/procmail/ \
Index: mail/procmail/patches/patch-src_formisc_c
===================================================================
RCS file: 
/data/mirror/openbsd/cvs/ports/mail/procmail/patches/patch-src_formisc_c,v
retrieving revision 1.2
diff -u -p -r1.2 patch-src_formisc_c
--- mail/procmail/patches/patch-src_formisc_c   5 Sep 2014 13:52:19 -0000       
1.2
+++ mail/procmail/patches/patch-src_formisc_c   29 Nov 2017 16:57:31 -0000
@@ -3,8 +3,13 @@ $OpenBSD: patch-src_formisc_c,v 1.2 2014
 Hunk #1: CVE-2014-3618, heap overflow in formail when parsing addresses
 with unbalanced quotes.
 
---- src/formisc.c.orig Fri Jun 29 03:20:45 2001
-+++ src/formisc.c      Thu Sep  4 16:15:48 2014
+Hunk #2: CVE-2017-16844: heap-based buffer overflow in loadbuf()
+http://bugs.debian.org/876511
+Patch taken from Debian package procmail_3.22-25+deb9u1.
+
+Index: src/formisc.c
+--- src/formisc.c.orig
++++ src/formisc.c
 @@ -84,12 +84,11 @@ normal:       *target++= *start++;
        case '"':*target++=delim='"';start++;
        }
@@ -19,6 +24,15 @@ with unbalanced quotes.
        }
       hitspc=2;
     }
+@@ -104,7 +103,7 @@ void loadsaved(sp)const struct saved*const sp;          /*
+ }
+                                                           /* append to buf */
+ void loadbuf(text,len)const char*const text;const size_t len;
+-{ if(buffilled+len>buflen)                      /* buf can't hold the text */
++{ while(buffilled+len>buflen)                   /* buf can't hold the text */
+      buf=realloc(buf,buflen+=Bsize);
+   tmemmove(buf+buffilled,text,len);buffilled+=len;
+ }
 @@ -115,7 +114,7 @@ void loadchar(c)const int c;                     /* append 
one char
    buf[buffilled++]=c;
  }
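Review bot: The result of `realloc` in the new `while` loop of loadbuf() is assigned straight back to `buf` and used by `tmemmove` on the next line with no visible NULL check. Unless `realloc` is mapped to a checking wrapper elsewhere in formisc.c (not shown in this hunk), an allocation failure would lose the old buffer and make the following copy write through an invalid pointer. The condition `buffilled+len>buflen` can also wrap around for a very large `len`, which would skip the growth entirely; a guard such as `if(len>(size_t)-1-buffilled)` ahead of the loop, routed to the file's existing out-of-memory handling, would close that gap. A short comment on the loop, for example `/* grow in Bsize steps until text fits; len may exceed Bsize */`, would record why the original single `if` was not sufficient.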
