Go to:
Gentoo Home
Documentation
Forums
Lists
Bugs
Planet
Store
Wiki
Get Gentoo!
Gentoo's Bugzilla – Attachment 640170 Details for
Bug 721566
<mail-mta/netqmail-1.06-r13: multiple vulnerabilities (CVE-2005-{1513,1514,1515})
Home
|
New
–
[Ex]
|
Browse
|
Search
|
Privacy Policy
|
[?]
|
Reports
|
Requests
|
Help
|
New Account
|
Log In
[x]
|
Forgot Password
Login:
[x]
[patch]
patch 1
0001-fix-signedness-wraparound-in-substdio_put-CVE-2005-1.patch (text/plain), 1.78 KB, created by
Rolf Eike Beer
on 2020-05-18 16:31:02 UTC
(
hide
)
Description:
patch 1
Filename:
MIME Type:
Creator:
Rolf Eike Beer
Created:
2020-05-18 16:31:02 UTC
Size:
1.78 KB
patch
obsolete
>From c49ad1a262605048e41e2ffaeea0b61c0db31a78 Mon Sep 17 00:00:00 2001 >From: Rolf Eike Beer <eike@sf-mail.de> >Date: Mon, 11 May 2020 18:55:11 +0200 >Subject: [PATCH 1/4] fix signedness wraparound in substdio_put() > (CVE-2005-1515) > >--- > qmail.c | 2 +- > substdo.c | 14 ++++++++------ > 2 files changed, 9 insertions(+), 7 deletions(-) > >diff --git a/qmail.c b/qmail.c >index 186c092..7c86a04 100644 >--- a/qmail.c >+++ b/qmail.c >@@ -61,7 +61,7 @@ void qmail_fail(qq) struct qmail *qq; > qq->flagerr = 1; > } > >-void qmail_put(qq,s,len) struct qmail *qq; char *s; int len; >+void qmail_put(qq,s,len) struct qmail *qq; char *s; unsigned int len; > { > if (!qq->flagerr) if (substdio_put(&qq->ss,s,len) == -1) qq->flagerr = 1; > } >diff --git a/substdo.c b/substdo.c >index fb616f7..bccf0d6 100644 >--- a/substdo.c >+++ b/substdo.c >@@ -7,7 +7,7 @@ static int allwrite(op,fd,buf,len) > register int (*op)(); > register int fd; > register char *buf; >-register int len; >+register unsigned int len; > { > register int w; > >@@ -55,16 +55,18 @@ register int len; > int substdio_put(s,buf,len) > register substdio *s; > register char *buf; >-register int len; >+register unsigned int len; > { >- register int n; >+ register unsigned int n = s->n; /* how many bytes to write in next chunk */ > >- n = s->n; >- if (len > n - s->p) { >+ /* check if the input would fit in the buffer without flushing */ >+ if (len > n - (unsigned int)s->p) { > if (substdio_flush(s) == -1) return -1; > /* now s->p == 0 */ > if (n < SUBSTDIO_OUTSIZE) n = SUBSTDIO_OUTSIZE; >- while (len > s->n) { >+ /* as long as the remainder would not fit into s->x write it directly >+ * from buf to s->fd. */ >+ while (len > (unsigned int)s->n) { > if (n > len) n = len; > if (allwrite(s->op,s->fd,buf,n) == -1) return -1; > buf += n; >-- >2.26.1 >
You cannot view the attachment while viewing its details because your browser does not support IFRAMEs.
View the attachment on a separate page
.
View Attachment As Diff
View Attachment As Raw
Actions:
View
|
Diff
Attachments on
bug 721566
: 640170 |
640172
|
640174
|
640176