ports/65784: Security patch for mail/emil (ref: DSA-468-1, portaudit)

Johan van Selst johans at stack.nl
Mon Apr 19 20:00:47 UTC 2004 

>Number:         65784
>Category:       ports
>Synopsis:       Security patch for mail/emil (ref: DSA-468-1, portaudit)
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    freebsd-ports-bugs
>State:          open
>Quarter:        
>Keywords:       
>Date-Required:
>Class:          update
>Submitter-Id:   current-users
>Arrival-Date:   Mon Apr 19 13:00:41 PDT 2004
>Closed-Date:
>Last-Modified:
>Originator:     Johan van Selst
>Release:        FreeBSD 5.2-CURRENT i386
>Organization:
>Environment:
System: FreeBSD coyote.gletsjer.net 5.2-CURRENT FreeBSD 5.2-CURRENT #0: Sun Mar 7 19:20:00 CET 2004 root at coyote.gletsjer.net:/spare3/obj/spare3/src/sys/coyote i386


	
>Description:
	
	mail/exim is currently forbidden due to overflows and format errors.
	The project is no longer actively maintained, but security patches
	have been released by Ulf Harnhammar, who also released the original
	advisory.
>How-To-Repeat:
	
	See http://vuxml.freebsd.org/ce46b93a-80f2-11d8-9645-0020ed76ef5a.html
	as quoted in the current Makefile for more info
>Fix:

	
This patch has been copied from http://www.securityfocus.com/archive/1/358626
as submitted by Ulf Harnhammer. It has been tested on STABLE and CURRENT.

Please verify, add the code below as extra patch file to mail/emil/files/
and remove the FORBIDDEN clause of this port.

Feel free to educate me about submitting patches if this is not in
the desired format. Thank you.


--- mime.c.old	1996-06-04 15:36:59.000000000 +0200
+++ mime.c	2004-02-26 16:57:42.000000000 +0100
@@ -56,18 +56,18 @@
       if (match(m->sd->type, "TEXT"))
 	{
 	  if (m->td->charset != NULL)
-	    sprintf(buf, "%s; charset=\"%s\"", ct, m->td->charset);
+	    snprintf(buf, sizeof(buf), "%s; charset=\"%s\"", ct, m->td->charset);
 	  else
-	    sprintf(buf, "%s", ct);
+	    snprintf(buf, sizeof(buf), "%s", ct);
 	}
       else
 	if (match(m->sd->type, "MULTIPART"))
 	  {
 	    bb = (char *)getmimebound();
 	    if (m->sd->applefile == AMDOUBLE)
-	      sprintf(buf, "Multipart/AppleDouble; boundary=\"%s\"", bb);
+	      snprintf(buf, sizeof(buf), "Multipart/AppleDouble; boundary=\"%s\"", bb);
 	    else
-	      sprintf(buf,"%s; boundary=\"%s\"", ct, bb);
+	      snprintf(buf, sizeof(buf), "%s; boundary=\"%s\"", ct, bb);
 	    m->td->startbound = (char *)Yalloc(MIMEBOUNDLEN + 5);
 	    m->td->endbound = (char *)Yalloc(MIMEBOUNDLEN + 7);
 	    sprintf(m->td->startbound, "--%s", bb);
@@ -75,7 +75,7 @@
 	  }
 	else
 	  {
-	    sprintf(buf, "%s", ct);
+	    snprintf(buf, sizeof(buf), "%s", ct);
 	  }
     }
   else
@@ -87,7 +87,10 @@
   
   if (m->sd->name != NULL)
     {
-      sprintf(buf, "%s; name=\"%s\"", buf, m->sd->name);
+      char *buf2;
+      buf2 = strdup(buf);
+      snprintf(buf, sizeof(buf), "%s; name=\"%s\"", buf2, m->sd->name);
+      free(buf2);
     }
   add_header(m, "Content-Type", buf, MIME);
   if (bb != NULL)
--- uuencode.c.old	1996-06-04 15:37:02.000000000 +0200
+++ uuencode.c	2004-02-26 17:01:09.000000000 +0100
@@ -116,7 +116,7 @@
   /* Start with uuencode preamble */
   fix_filename(m);
 
-  sprintf(outb,"begin 644 %s\n", m->sd->name);
+  snprintf(outb, sizeof(outb), "begin 644 %s\n", m->sd->name);
   append_data(outbuf, outb, strlen(outb), pz);
   outbuf->lineend += 1;
   i = 0;
@@ -242,7 +242,7 @@
       inb++;
       inbuf->offset += 1;
     }
-  if ((i = sscanf(inb, "begin%*1[ ]%*3[0-7]%*1[ ]%s", filename)) != 1)
+  if ((i = sscanf(inb, "begin%*1[ ]%*3[0-7]%*1[ ]%511s", filename)) != 1)
     {
 #ifdef DEBUG
       if (edebug)
--- main.c.old	1996-06-04 15:36:58.000000000 +0200
+++ main.c	2004-02-26 17:02:18.000000000 +0100
@@ -177,7 +177,7 @@
 			sprintf(ebuf,"Invalid parameter to -f: %s",optarg);
 #ifdef DEBUG
 		  if (edebug)
-		    fprintf(stderr, ebuf);
+		    fprintf(stderr, "%s", ebuf);
 #endif
 			logger(LOG_WARNING,ebuf);
 		}
@@ -303,7 +303,7 @@
 		sprintf(ebuf,"Invalid flag: -%c",c);
 #ifdef DEBUG
 			if (edebug)
-			  fprintf(stderr, ebuf);
+			  fprintf(stderr, "%s", ebuf);
 #endif
 		logger(LOG_WARNING,ebuf);
 	}
@@ -359,7 +359,7 @@
 	sprintf(ebuf, "Invalid mailer specification %s", optarg);
 #ifdef DEBUG
 	if (edebug)
-	  fprintf(stderr, ebuf);
+	  fprintf(stderr, "%s", ebuf);
 #endif
 	logger(LOG_ERR, ebuf);
 	fprintf(stderr, "Emil: %s\n", ebuf);
@@ -448,7 +448,7 @@
 		);
 #ifdef DEBUG
       if (edebug)
-	fprintf(stderr, ebuf);
+	fprintf(stderr, "%s", ebuf);
 #endif
   logger(LOG_DEBUG,ebuf);
   if (source == NULL)
>Release-Note:
>Audit-Trail:
>Unformatted:

More information about the freebsd-ports-bugs mailing list