svn commit: r303651 - in head/net-im/jabberd: . files
Eygene Ryabinkin
rea at FreeBSD.org
Tue Sep 4 11:54:31 UTC 2012
Author: rea
Date: Tue Sep 4 11:54:30 2012
New Revision: 303651
URL: http://svn.freebsd.org/changeset/ports/303651
Log:
net-im/jabberd: fix CVE-2012-3525
PR: ports/170894
Approved by: maintainer timeout (2 weeks)
Security: http://www.vuxml.org/freebsd/4d1d2f6d-ec94-11e1-8bd8-0022156e8794.html
QA page: http://codelabs.ru/fbsd/ports/qa/net-im/jabberd/2.2.16_2
Added:
head/net-im/jabberd/files/patch-cve-2012-3525 (contents, props changed)
Modified:
head/net-im/jabberd/Makefile
Modified: head/net-im/jabberd/Makefile
==============================================================================
--- head/net-im/jabberd/Makefile Tue Sep 4 10:56:26 2012 (r303650)
+++ head/net-im/jabberd/Makefile Tue Sep 4 11:54:30 2012 (r303651)
@@ -7,7 +7,7 @@
PORTNAME= jabberd
PORTVERSION= 2.2.16
-PORTREVISION= 1
+PORTREVISION= 2
CATEGORIES= net-im
MASTER_SITES= http://cloud.github.com/downloads/Jabberd2/jabberd2/
DIST_SUBDIR= jabber
Added: head/net-im/jabberd/files/patch-cve-2012-3525
==============================================================================
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ head/net-im/jabberd/files/patch-cve-2012-3525 Tue Sep 4 11:54:30 2012 (r303651)
@@ -0,0 +1,25 @@
+Fixes CVE-2012-3525
+
+Obtained-from: https://github.com/Jabberd2/jabberd2/commit/aabcffae560d5fd00cd1d2ffce5d760353cf0a4d.diff
+diff --git a/s2s/out.c b/s2s/out.c
+index 0ed9b30..7b9f44f 100644
+--- s2s/out.c
++++ s2s/out.c
+@@ -1661,7 +1661,7 @@ static void _out_result(conn_t out, nad_t nad) {
+ rkeylen = strlen(rkey);
+
+ /* key is valid */
+- if(nad_find_attr(nad, 0, -1, "type", "valid") >= 0) {
++ if(nad_find_attr(nad, 0, -1, "type", "valid") >= 0 && xhash_get(out->states, rkey) == (void*) conn_INPROGRESS) {
+ log_write(out->s2s->log, LOG_NOTICE, "[%d] [%s, port=%d] outgoing route '%s' is now valid%s%s", out->fd->fd, out->ip, out->port, rkey, (out->s->flags & SX_SSL_WRAPPER) ? ", TLS negotiated" : "", out->s->compressed ? ", ZLIB compression enabled" : "");
+
+ xhash_put(out->states, pstrdup(xhash_pool(out->states), rkey), (void *) conn_VALID); /* !!! small leak here */
+@@ -1749,7 +1749,7 @@ static void _out_verify(conn_t out, nad_t nad) {
+ rkey = s2s_route_key(NULL, to->domain, from->domain);
+
+ attr = nad_find_attr(nad, 0, -1, "type", "valid");
+- if(attr >= 0) {
++ if(attr >= 0 && xhash_get(in->states, rkey) == (void*) conn_INPROGRESS) {
+ xhash_put(in->states, pstrdup(xhash_pool(in->states), rkey), (void *) conn_VALID);
+ log_write(in->s2s->log, LOG_NOTICE, "[%d] [%s, port=%d] incoming route '%s' is now valid%s%s", in->fd->fd, in->ip, in->port, rkey, (in->s->flags & SX_SSL_WRAPPER) ? ", TLS negotiated" : "", in->s->compressed ? ", ZLIB compression enabled" : "");
+ valid = 1;
More information about the svn-ports-all
mailing list