ports/124718: [PATCH] mail/fetchmail: fix CVE-2008-2711 (crash when logging long headers in -v -v mode)
Matthias Andree
matthias.andree at gmx.de
Wed Jun 18 14:30:01 UTC 2008
>Number: 124718
>Category: ports
>Synopsis: [PATCH] mail/fetchmail: fix CVE-2008-2711 (crash when logging long headers in -v -v mode)
>Confidential: no
>Severity: non-critical
>Priority: low
>Responsible: freebsd-ports-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: change-request
>Submitter-Id: current-users
>Arrival-Date: Wed Jun 18 14:30:00 UTC 2008
>Closed-Date:
>Last-Modified:
>Originator: Matthias Andree
>Release: FreeBSD 6.3-STABLE i386
>Organization:
>Environment:
System: FreeBSD merlin.emma.line.org 6.3-STABLE FreeBSD 6.3-STABLE #33: Sun Jun 1 11:12:24 CEST
>Description:
Fix CVE-2008-2711 (crash when logging long headers in -v -v mode).
Note that I am not providing a vulndb entry at this time for lack of time.
Added file(s):
- files/patch-CVE-2008-2711
Port maintainer (barner at FreeBSD.org) is cc'd.
Generated with FreeBSD Port Tools 0.77
>How-To-Repeat:
>Fix:
--- fetchmail-6.3.8_6.patch begins here ---
diff -ruN --exclude=CVS /usr/ports/mail/fetchmail/Makefile /usr/home/emma/ports/mail/fetchmail/Makefile
--- /usr/ports/mail/fetchmail/Makefile 2008-06-06 15:42:50.000000000 +0200
+++ /usr/home/emma/ports/mail/fetchmail/Makefile 2008-06-18 16:16:56.000000000 +0200
@@ -11,7 +11,7 @@
PORTNAME= fetchmail
PORTVERSION= 6.3.8
-PORTREVISION= 5
+PORTREVISION= 6
CATEGORIES= mail ipv6
MASTER_SITES= ${MASTER_SITE_BERLIOS} \
${MASTER_SITE_SUNSITE:S/$/:sunsite/}\
diff -ruN --exclude=CVS /usr/ports/mail/fetchmail/files/patch-CVE-2008-2711 /usr/home/emma/ports/mail/fetchmail/files/patch-CVE-2008-2711
--- /usr/ports/mail/fetchmail/files/patch-CVE-2008-2711 1970-01-01 01:00:00.000000000 +0100
+++ /usr/home/emma/ports/mail/fetchmail/files/patch-CVE-2008-2711 2008-06-18 16:18:27.000000000 +0200
@@ -0,0 +1,31 @@
+diff --git a/report.c b/report.c
+index 31d4e48..2a731ac 100644
+--- ./report.c~
++++ ./report.c
+@@ -238,11 +238,17 @@ report_build (FILE *errfp, message, va_alist)
+ rep_ensuresize();
+
+ #if defined(VA_START)
+- VA_START (args, message);
+ for ( ; ; )
+ {
++ /*
++ * args has to be initialized before every call of vsnprintf(),
++ * because vsnprintf() invokes va_arg macro and thus args is
++ * undefined after the call.
++ */
++ VA_START(args, message);
+ n = vsnprintf (partial_message + partial_message_size_used, partial_message_size - partial_message_size_used,
+ message, args);
++ va_end (args);
+
+ if (n >= 0
+ && (unsigned)n < partial_message_size - partial_message_size_used)
+@@ -254,7 +260,6 @@ report_build (FILE *errfp, message, va_alist)
+ partial_message_size += 2048;
+ partial_message = REALLOC (partial_message, partial_message_size);
+ }
+- va_end (args);
+ #else
+ for ( ; ; )
+ {
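Review bot: in the first report.c hunk, the re-added `VA_START(args, message);` drops the space before the parenthesis that the removed `VA_START (args, message);` and the neighbouring `va_end (args);` and `vsnprintf (` calls use; keep the original spacing so the embedded patch matches the file's style. The pairing itself looks right: `va_end (args);` now runs immediately after `vsnprintf` and before the `if (n >= 0` test, so every loop iteration starts from a freshly initialised `args`, and `VA_START`/`va_end` stay balanced whether the loop exits or goes on to the `REALLOC` and retries. The patch only changes the `#if defined(VA_START)` branch; the `#else` branch, whose `for ( ; ; )` loop opens at the end of the second hunk, is left as it was, so it is worth stating in the PR whether that branch was checked and does not need a matching change. The Description would also benefit from naming the upstream fetchmail change this was taken from, since the `index 31d4e48..2a731ac` line suggests it came from a git commit.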
--- fetchmail-6.3.8_6.patch ends here ---
>Release-Note:
>Audit-Trail:
>Unformatted: