Hi, I would like to fix CVE-2017-16844 for procmail.
ok? bluhm Index: mail/procmail/Makefile =================================================================== RCS file: /data/mirror/openbsd/cvs/ports/mail/procmail/Makefile,v retrieving revision 1.42 diff -u -p -r1.42 Makefile --- mail/procmail/Makefile 7 Jun 2017 02:17:01 -0000 1.42 +++ mail/procmail/Makefile 29 Nov 2017 16:44:11 -0000 @@ -4,7 +4,7 @@ COMMENT= filtering local mail delivery a DISTNAME= procmail-3.22 CATEGORIES= mail -REVISION= 7 +REVISION= 8 MASTER_SITES= ${HOMEPAGE} \ http://mirror.switch.ch/ftp/mirror/procmail/ \ Index: mail/procmail/patches/patch-src_formisc_c =================================================================== RCS file: /data/mirror/openbsd/cvs/ports/mail/procmail/patches/patch-src_formisc_c,v retrieving revision 1.2 diff -u -p -r1.2 patch-src_formisc_c --- mail/procmail/patches/patch-src_formisc_c 5 Sep 2014 13:52:19 -0000 1.2 +++ mail/procmail/patches/patch-src_formisc_c 29 Nov 2017 16:57:31 -0000 @@ -3,8 +3,13 @@ $OpenBSD: patch-src_formisc_c,v 1.2 2014 Hunk #1: CVE-2014-3618, heap overflow in formail when parsing addresses with unbalanced quotes. ---- src/formisc.c.orig Fri Jun 29 03:20:45 2001 -+++ src/formisc.c Thu Sep 4 16:15:48 2014 +Hunk #2: CVE-2017-16844: heap-based buffer overflow in loadbuf() +http://bugs.debian.org/876511 +Patch taken from Debian package procmail_3.22-25+deb9u1. + +Index: src/formisc.c +--- src/formisc.c.orig ++++ src/formisc.c @@ -84,12 +84,11 @@ normal: *target++= *start++; case '"':*target++=delim='"';start++; } @@ -19,6 +24,15 @@ with unbalanced quotes. } hitspc=2; } +@@ -104,7 +103,7 @@ void loadsaved(sp)const struct saved*const sp; /* + } + /* append to buf */ + void loadbuf(text,len)const char*const text;const size_t len; +-{ if(buffilled+len>buflen) /* buf can't hold the text */ ++{ while(buffilled+len>buflen) /* buf can't hold the text */ + buf=realloc(buf,buflen+=Bsize); + tmemmove(buf+buffilled,text,len);buffilled+=len; + } @@ -115,7 +114,7 @@ void loadchar(c)const int c; /* append one char buf[buffilled++]=c; }