234391 CVE-2008-3962 2008-08-10 17:18 0000 mail-mta/ssmtp <2.62-r3 unitialized memory disclosure (CVE-2008-3962) 2008-11-26 22:35:07 0000 1 1 1 Unclassified Gentoo Security Auditing unspecified All Linux RESOLVED FIXED ~4 / B4 [noglsa] P2 normal --- 236812 1 griffon26@gentoo.org security@gentoo.org dertobi123@gentoo.org nion@debian.org griffon26@gentoo.org 2008-08-10 17:18:19 0000 In ssmtp.c the function fd_gets more or less looks like this: char *fd_gets(char *buf, int size, int fd) { while((i < size) && (fd_getc(fd, &c) == 1)) { buf[i++] = c; } buf[i] = (char)NULL; return(buf); } Coming out of the loop, i can be size, causing a 0-byte to be written past the end of the buffer. There are also lots of "char c = (char)NULL;" and "char *p = (char)NULL;" occurrences that may be indicative of careless programming and may warrant a code review. py@gentoo.org 2008-08-10 17:22:58 0000 I agree on the off-by-one error, but initializing variables to NULL before using them seems a rather good practice to me, as it allows to find some bugs more easily. We'll probably have to contact upstream. griffon26@gentoo.org 2008-08-10 17:52:09 0000 Created an attachment (id=162630) Proposed misc fixes In addition to fixing the "(char)NULL" things and the off-by-one, this also addresses a problem in from_format() that caused a call to strdup on a local buffer with uninitialized contents. This last problem was introduced in 2.62 and was the reason I started looking at the source code in the first place (the From: line wasn't properly formatted). I have not looked at the rest of the source, so I'm not claiming this is a complete solution. rbu@gentoo.org 2008-08-19 22:21:21 0000 Concerning the potential off-by-one: There is no off-by-one error if 'int size' is not the buffer size, but the maximum number of characters the buffer can contain (not counting the NUL). From my reading of the code, this is what happens: The only call of that function is here: int smtp_read(int fd, char *response) { do { if(fd_gets(response, BUF_SZ, fd) == NULL) { ... smtp_read() is called at several places, but all buffers that are passed as 'response' have been allocated as 'BUF_SZ + 1'. Am I missing something? griffon26@gentoo.org 2008-08-21 07:27:07 0000 You're right about the buffer size. Now if the strdup is not something that can be abused, then this can be demoted to a regular ssmtp bug. griffon26@gentoo.org 2008-08-21 17:57:12 0000 Created an attachment (id=163507) Updated patch. Removed fix for off-by-one that wasn't an off-by-one. Updated patch. rbu@gentoo.org 2008-09-09 12:34:12 0000 Created an attachment (id=165005) ssmtp-unitialized-strdup.patch Just the security-relevant hunk. rbu@gentoo.org 2008-09-09 12:44:26 0000 Opening to the public, please commit with the patch. rbu@gentoo.org 2008-09-09 15:09:23 0000 CVE-2008-3962 has been assigned. dertobi123@gentoo.org 2008-09-09 19:49:22 0000 2.62-r3 is inCVS. rbu@gentoo.org 2008-09-11 09:23:13 0000 As Tomas Hoger pointed out, this has been a re-introduction of bug 127592 since that patch was dropped in the ebuild when 2.62 was bumped. 2.61 is also affected, but we patched it in 2006. dertobi123@gentoo.org 2008-09-12 14:08:07 0000 (In reply to comment #10) > As Tomas Hoger pointed out, this has been a re-introduction of bug 127592 since > that patch was dropped in the ebuild when 2.62 was bumped. > > 2.61 is also affected, but we patched it in 2006. > only 2.61-r2 and 2.61-r31 where patched, but not -2.61-r30 which i apparantly used as a base for 2.62, thus the patch got dropped for 2.62. 2.61-r30 was always p.masked iirc. rbu@gentoo.org 2008-09-12 14:12:43 0000 Arches, please test and mark stable: =mail-mta/ssmtp-2.62-r3 Target keywords : "alpha amd64 arm hppa ia64 m68k ppc ppc64 s390 sh sparc x86" jer@gentoo.org 2008-09-12 15:22:50 0000 Stable for HPPA. maekke@gentoo.org 2008-09-12 21:42:56 0000 amd64/x86 stable armin76@gentoo.org 2008-09-13 16:22:16 0000 alpha/ia64/sparc stable ranger@gentoo.org 2008-09-17 14:44:47 0000 ppc and ppc64 stable rbu@gentoo.org 2008-11-09 12:57:29 0000 It was only stable for a short timeframe and the issue is almost impossible to exploit. My vote is NO glsa. py@gentoo.org 2008-11-26 22:35:07 0000 no too, and closing. 162630 2008-08-10 17:52 0000 Proposed misc fixes ssmtp-2.62-off-by-one-typecasts-and-from-fix.patch text/plain ZGlmZiAtcnVOIHNzbXRwLW9yaWdpbmFsL3NzbXRwLmMgc3NtdHAtZml4ZWQvc3NtdHAuYwotLS0g c3NtdHAtb3JpZ2luYWwvc3NtdHAuYwkyMDA4LTA4LTEwIDE4OjI2OjMzLjAwMDAwMDAwMCArMDIw MAorKysgc3NtdHAtZml4ZWQvc3NtdHAuYwkyMDA4LTA4LTEwIDE5OjM4OjIyLjAwMDAwMDAwMCAr MDIwMApAQCAtNTUsMjEgKzU1LDIxIEBACiAKICNkZWZpbmUgQVJQQURBVEVfTEVOR1RIIDMyCQkv KiBDdXJyZW50IGRhdGUgaW4gUkZDIGZvcm1hdCAqLwogY2hhciBhcnBhZGF0ZVtBUlBBREFURV9M RU5HVEhdOwotY2hhciAqYXV0aF91c2VyID0gKGNoYXIpTlVMTDsKLWNoYXIgKmF1dGhfcGFzcyA9 IChjaGFyKU5VTEw7Ci1jaGFyICphdXRoX21ldGhvZCA9IChjaGFyKU5VTEw7CQkvKiBNZWNoYW5p c20gZm9yIFNNVFAgYXV0aGVudGljYXRpb24gKi8KLWNoYXIgKm1haWxfZG9tYWluID0gKGNoYXIp TlVMTDsKLWNoYXIgKmZyb20gPSAoY2hhcilOVUxMOwkJLyogVXNlIHRoaXMgYXMgdGhlIEZyb206 IGFkZHJlc3MgKi8KK2NoYXIgKmF1dGhfdXNlciA9IChjaGFyICopTlVMTDsKK2NoYXIgKmF1dGhf cGFzcyA9IChjaGFyICopTlVMTDsKK2NoYXIgKmF1dGhfbWV0aG9kID0gKGNoYXIgKilOVUxMOwkJ LyogTWVjaGFuaXNtIGZvciBTTVRQIGF1dGhlbnRpY2F0aW9uICovCitjaGFyICptYWlsX2RvbWFp biA9IChjaGFyICopTlVMTDsKK2NoYXIgKmZyb20gPSAoY2hhciAqKU5VTEw7CQkvKiBVc2UgdGhp cyBhcyB0aGUgRnJvbTogYWRkcmVzcyAqLwogY2hhciAqaG9zdG5hbWU7CiBjaGFyICptYWlsaG9z dCA9ICJtYWlsaHViIjsKLWNoYXIgKm1pbnVzX2YgPSAoY2hhcilOVUxMOwotY2hhciAqbWludXNf RiA9IChjaGFyKU5VTEw7CitjaGFyICptaW51c19mID0gKGNoYXIgKilOVUxMOworY2hhciAqbWlu dXNfRiA9IChjaGFyICopTlVMTDsKIGNoYXIgKmdlY29zOwotY2hhciAqcHJvZyA9IChjaGFyKU5V TEw7CitjaGFyICpwcm9nID0gKGNoYXIgKilOVUxMOwogY2hhciAqcm9vdCA9IE5VTEw7CiBjaGFy ICp0bHNfY2VydCA9ICIvZXRjL3NzbC9jZXJ0cy9zc210cC5wZW0iOwkvKiBEZWZhdWx0IENlcnRp ZmljYXRlICovCi1jaGFyICp1YWQgPSAoY2hhcilOVUxMOwotY2hhciAqY29uZmlnX2ZpbGUgPSAo Y2hhcilOVUxMOwkJLyogYWx0ZXJuYXRlIGNvbmZpZ3VyYXRpb24gZmlsZSAqLworY2hhciAqdWFk ID0gKGNoYXIgKilOVUxMOworY2hhciAqY29uZmlnX2ZpbGUgPSAoY2hhciAqKU5VTEw7CQkvKiBh bHRlcm5hdGUgY29uZmlndXJhdGlvbiBmaWxlICovCiAKIGhlYWRlcnNfdCBoZWFkZXJzLCAqaHQ7 CiAKQEAgLTI2MSw3ICsyNjEsNyBAQAogCiAJcCA9IChzdHIgKyBzdHJsZW4oc3RyKSk7CiAJd2hp bGUoaXNzcGFjZSgqLS1wKSkgewotCQkqcCA9IChjaGFyKU5VTEw7CisJCSpwID0gJ1wwJzsKIAl9 CiAKIAlyZXR1cm4ocCk7CkBAIC0yODcsNyArMjg3LDcgQEAKIAkJcSsrOwogCiAJCWlmKChwID0g c3RyY2hyKHEsICc+JykpKSB7Ci0JCQkqcCA9IChjaGFyKU5VTEw7CisJCQkqcCA9ICdcMCc7CiAJ CX0KIAogI2lmIDAKQEAgLTMxMCw3ICszMTAsNyBAQAogCXEgPSBzdHJpcF9wb3N0X3dzKHApOwog CWlmKCpxID09ICcpJykgewogCQl3aGlsZSgoKi0tcSAhPSAnKCcpKTsKLQkJKnEgPSAoY2hhcilO VUxMOworCQkqcSA9ICdcMCc7CiAJfQogCSh2b2lkKXN0cmlwX3Bvc3Rfd3MocCk7CiAKQEAgLTM1 Myw3ICszNTMsNyBAQAogCWNoYXIgKnA7CiAKIAlpZigocCA9IHN0cmNocihzdHIsICdcbicpKSkg ewotCQkqcCA9IChjaGFyKU5VTEw7CisJCSpwID0gJ1wwJzsKIAl9CiAKIAkvKiBBbnkgbGluZSBi ZWdpbm5pbmcgd2l0aCBhIGRvdCBoYXMgYW4gYWRkaXRpb25hbCBkb3QgaW5zZXJ0ZWQ7CkBAIC0z ODYsNyArMzg2LDcgQEAKIAkJd2hpbGUoZmdldHMoYnVmLCBzaXplb2YoYnVmKSwgZnApKSB7CiAJ CQkvKiBNYWtlIGNvbW1lbnRzIGludmlzaWJsZSAqLwogCQkJaWYoKHAgPSBzdHJjaHIoYnVmLCAn IycpKSkgewotCQkJCSpwID0gKGNoYXIpTlVMTDsKKwkJCQkqcCA9ICdcMCc7CiAJCQl9CiAKIAkJ CS8qIElnbm9yZSBtYWxmb3JtZWQgbGluZXMgYW5kIGNvbW1lbnRzICovCkBAIC00ODUsNiArNDg1 LDExIEBACiAJCQkJZGllKCJmcm9tX2Zvcm1hdCgpIC0tIHNucHJpbnRmKCkgZmFpbGVkIik7CiAJ CQl9CiAJCX0KKwkJZWxzZSB7CisJCQlpZihzbnByaW50ZihidWYsIEJVRl9TWiwgIiVzIiwgc3Ry KSA9PSAtMSkgeworCQkJCWRpZSgiZnJvbV9mb3JtYXQoKSAtLSBzbnByaW50ZigpIGZhaWxlZCIp OworCQkJfQorCQl9CiAJfQogCiAjaWYgMApAQCAtNTE2LDcgKzUyMSw3IEBACiAjZW5kaWYKIAog CS8qIElnbm9yZSBtaXNzaW5nIHVzZXJuYW1lcyAqLwotCWlmKCpzdHIgPT0gKGNoYXIpTlVMTCkg eworCWlmKCpzdHIgPT0gJ1wwJykgewogCQlyZXR1cm47CiAJfQogCkBAIC01NzMsNyArNTc4LDcg QEAKIAkJfQogCiAJCS8qIEVuZCBvZiBzdHJpbmc/ICovCi0JCWlmKCoocSArIDEpID09IChjaGFy KU5VTEwpIHsKKwkJaWYoKihxICsgMSkgPT0gJ1wwJykgewogCQkJZ290X2FkZHIgPSBUcnVlOwog CQl9CiAKQEAgLTU4MSw3ICs1ODYsNyBAQAogCQlpZigoKnEgPT0gJywnKSAmJiAoaW5fcXVvdGVz ID09IEZhbHNlKSkgewogCQkJZ290X2FkZHIgPSBUcnVlOwogCi0JCQkqcSA9IChjaGFyKU5VTEw7 CisJCQkqcSA9ICdcMCc7CiAJCX0KIAogCQlpZihnb3RfYWRkcikgewpAQCAtNjczLDcgKzY3OCw3 IEBACiAJaWYoc3RybmNhc2VjbXAoaHQtPnN0cmluZywgIkZyb206IiwgNSkgPT0gMCkgewogI2lm IDEKIAkJLyogSGFjayBjaGVjayBmb3IgTlVMTCBGcm9tOiBsaW5lICovCi0JCWlmKCoocCArIDYp ID09IChjaGFyKU5VTEwpIHsKKwkJaWYoKihwICsgNikgPT0gJ1wwJykgewogCQkJcmV0dXJuOwog CQl9CiAjZW5kaWYKQEAgLTczOCw3ICs3NDMsNyBAQAogCXNpemVfdCBzaXplID0gQlVGX1NaLCBs ZW4gPSAwOwogCWNoYXIgKnAgPSAoY2hhciAqKU5VTEwsICpxOwogCWJvb2xfdCBpbl9oZWFkZXIg PSBUcnVlOwotCWNoYXIgbCA9IChjaGFyKU5VTEw7CisJY2hhciBsID0gJ1wwJzsKIAlpbnQgYzsK IAogCXdoaWxlKGluX2hlYWRlciAmJiAoKGMgPSBmZ2V0YyhzdHJlYW0pKSAhPSBFT0YpKSB7CkBA IC03NzMsOSArNzc4LDkgQEAKIAkJCQkJCWluX2hlYWRlciA9IEZhbHNlOwogCiAJCQkJZGVmYXVs dDoKLQkJCQkJCSpxID0gKGNoYXIpTlVMTDsKKwkJCQkJCSpxID0gJ1wwJzsKIAkJCQkJCWlmKChx ID0gc3RycmNocihwLCAnXG4nKSkpIHsKLQkJCQkJCQkqcSA9IChjaGFyKU5VTEw7CisJCQkJCQkJ KnEgPSAnXDAnOwogCQkJCQkJfQogCQkJCQkJaGVhZGVyX3NhdmUocCk7CiAKQEAgLTgwNiw5ICs4 MTEsOSBAQAogCQkJCQkJaW5faGVhZGVyID0gRmFsc2U7CiAKIAkJCQlkZWZhdWx0OgotCQkJCQkJ KnEgPSAoY2hhcilOVUxMOworCQkJCQkJKnEgPSAnXDAnOwogCQkJCQkJaWYoKHEgPSBzdHJyY2hy KHAsICdcbicpKSkgewotCQkJCQkJCSpxID0gKGNoYXIpTlVMTDsKKwkJCQkJCQkqcSA9ICdcMCc7 CiAJCQkJCQl9CiAJCQkJCQloZWFkZXJfc2F2ZShwKTsKIApAQCAtODgyLDcgKzg4Nyw3IEBACiAJ CWNoYXIgKnJpZ2h0c2lkZTsKIAkJLyogTWFrZSBjb21tZW50cyBpbnZpc2libGUgKi8KIAkJaWYo KHAgPSBzdHJjaHIoYnVmLCAnIycpKSkgewotCQkJKnAgPSAoY2hhcilOVUxMOworCQkJKnAgPSAn XDAnOwogCQl9CiAKIAkJLyogSWdub3JlIG1hbGZvcm1lZCBsaW5lcyBhbmQgY29tbWVudHMgKi8K QEAgLTEzMDEsNyArMTMwNiw3IEBACiAJaW50IGkgPSAwOwogCWNoYXIgYzsKIAotCXdoaWxlKChp IDwgc2l6ZSkgJiYgKGZkX2dldGMoZmQsICZjKSA9PSAxKSkgeworCXdoaWxlKChpIDwgc2l6ZSAt IDEpICYmIChmZF9nZXRjKGZkLCAmYykgPT0gMSkpIHsKIAkJaWYoYyA9PSAnXHInKTsJLyogU3Ry aXAgPENSPiAqLwogCQllbHNlIGlmKGMgPT0gJ1xuJykgewogCQkJYnJlYWs7CkBAIC0xMzEwLDcg KzEzMTUsNyBAQAogCQkJYnVmW2krK10gPSBjOwogCQl9CiAJfQotCWJ1ZltpXSA9IChjaGFyKU5V TEw7CisJYnVmW2ldID0gJ1wwJzsKIAogCXJldHVybihidWYpOwogfQpAQCAtMTcyMyw3ICsxNzI4 LDcgQEAKIAkJaiA9IDA7CiAKIAkJYWRkID0gMTsKLQkJd2hpbGUoYXJndltpXVsrK2pdICE9IChj aGFyKU5VTEwpIHsKKwkJd2hpbGUoYXJndltpXVsrK2pdICE9ICdcMCcpIHsKIAkJCXN3aXRjaChh cmd2W2ldW2pdKSB7CiAjaWZkZWYgSU5FVDYKIAkJCWNhc2UgJzYnOgo= 163507 2008-08-21 17:57 0000 Updated patch. Removed fix for off-by-one that wasn't an off-by-one. ssmtp-2.62-typecasts-and-from-fix.patch text/plain ZGlmZiAtcnVOIHNzbXRwLW9yaWdpbmFsL3NzbXRwLmMgc3NtdHAtZml4ZWQvc3NtdHAuYwotLS0g c3NtdHAtb3JpZ2luYWwvc3NtdHAuYwkyMDA4LTA4LTEwIDE4OjI2OjMzLjAwMDAwMDAwMCArMDIw MAorKysgc3NtdHAtZml4ZWQvc3NtdHAuYwkyMDA4LTA4LTEwIDE5OjM4OjIyLjAwMDAwMDAwMCAr MDIwMApAQCAtNTUsMjEgKzU1LDIxIEBACiAKICNkZWZpbmUgQVJQQURBVEVfTEVOR1RIIDMyCQkv KiBDdXJyZW50IGRhdGUgaW4gUkZDIGZvcm1hdCAqLwogY2hhciBhcnBhZGF0ZVtBUlBBREFURV9M RU5HVEhdOwotY2hhciAqYXV0aF91c2VyID0gKGNoYXIpTlVMTDsKLWNoYXIgKmF1dGhfcGFzcyA9 IChjaGFyKU5VTEw7Ci1jaGFyICphdXRoX21ldGhvZCA9IChjaGFyKU5VTEw7CQkvKiBNZWNoYW5p c20gZm9yIFNNVFAgYXV0aGVudGljYXRpb24gKi8KLWNoYXIgKm1haWxfZG9tYWluID0gKGNoYXIp TlVMTDsKLWNoYXIgKmZyb20gPSAoY2hhcilOVUxMOwkJLyogVXNlIHRoaXMgYXMgdGhlIEZyb206 IGFkZHJlc3MgKi8KK2NoYXIgKmF1dGhfdXNlciA9IChjaGFyICopTlVMTDsKK2NoYXIgKmF1dGhf cGFzcyA9IChjaGFyICopTlVMTDsKK2NoYXIgKmF1dGhfbWV0aG9kID0gKGNoYXIgKilOVUxMOwkJ LyogTWVjaGFuaXNtIGZvciBTTVRQIGF1dGhlbnRpY2F0aW9uICovCitjaGFyICptYWlsX2RvbWFp biA9IChjaGFyICopTlVMTDsKK2NoYXIgKmZyb20gPSAoY2hhciAqKU5VTEw7CQkvKiBVc2UgdGhp cyBhcyB0aGUgRnJvbTogYWRkcmVzcyAqLwogY2hhciAqaG9zdG5hbWU7CiBjaGFyICptYWlsaG9z dCA9ICJtYWlsaHViIjsKLWNoYXIgKm1pbnVzX2YgPSAoY2hhcilOVUxMOwotY2hhciAqbWludXNf RiA9IChjaGFyKU5VTEw7CitjaGFyICptaW51c19mID0gKGNoYXIgKilOVUxMOworY2hhciAqbWlu dXNfRiA9IChjaGFyICopTlVMTDsKIGNoYXIgKmdlY29zOwotY2hhciAqcHJvZyA9IChjaGFyKU5V TEw7CitjaGFyICpwcm9nID0gKGNoYXIgKilOVUxMOwogY2hhciAqcm9vdCA9IE5VTEw7CiBjaGFy ICp0bHNfY2VydCA9ICIvZXRjL3NzbC9jZXJ0cy9zc210cC5wZW0iOwkvKiBEZWZhdWx0IENlcnRp ZmljYXRlICovCi1jaGFyICp1YWQgPSAoY2hhcilOVUxMOwotY2hhciAqY29uZmlnX2ZpbGUgPSAo Y2hhcilOVUxMOwkJLyogYWx0ZXJuYXRlIGNvbmZpZ3VyYXRpb24gZmlsZSAqLworY2hhciAqdWFk ID0gKGNoYXIgKilOVUxMOworY2hhciAqY29uZmlnX2ZpbGUgPSAoY2hhciAqKU5VTEw7CQkvKiBh bHRlcm5hdGUgY29uZmlndXJhdGlvbiBmaWxlICovCiAKIGhlYWRlcnNfdCBoZWFkZXJzLCAqaHQ7 CiAKQEAgLTI2MSw3ICsyNjEsNyBAQAogCiAJcCA9IChzdHIgKyBzdHJsZW4oc3RyKSk7CiAJd2hp bGUoaXNzcGFjZSgqLS1wKSkgewotCQkqcCA9IChjaGFyKU5VTEw7CisJCSpwID0gJ1wwJzsKIAl9 CiAKIAlyZXR1cm4ocCk7CkBAIC0yODcsNyArMjg3LDcgQEAKIAkJcSsrOwogCiAJCWlmKChwID0g c3RyY2hyKHEsICc+JykpKSB7Ci0JCQkqcCA9IChjaGFyKU5VTEw7CisJCQkqcCA9ICdcMCc7CiAJ CX0KIAogI2lmIDAKQEAgLTMxMCw3ICszMTAsNyBAQAogCXEgPSBzdHJpcF9wb3N0X3dzKHApOwog CWlmKCpxID09ICcpJykgewogCQl3aGlsZSgoKi0tcSAhPSAnKCcpKTsKLQkJKnEgPSAoY2hhcilO VUxMOworCQkqcSA9ICdcMCc7CiAJfQogCSh2b2lkKXN0cmlwX3Bvc3Rfd3MocCk7CiAKQEAgLTM1 Myw3ICszNTMsNyBAQAogCWNoYXIgKnA7CiAKIAlpZigocCA9IHN0cmNocihzdHIsICdcbicpKSkg ewotCQkqcCA9IChjaGFyKU5VTEw7CisJCSpwID0gJ1wwJzsKIAl9CiAKIAkvKiBBbnkgbGluZSBi ZWdpbm5pbmcgd2l0aCBhIGRvdCBoYXMgYW4gYWRkaXRpb25hbCBkb3QgaW5zZXJ0ZWQ7CkBAIC0z ODYsNyArMzg2LDcgQEAKIAkJd2hpbGUoZmdldHMoYnVmLCBzaXplb2YoYnVmKSwgZnApKSB7CiAJ CQkvKiBNYWtlIGNvbW1lbnRzIGludmlzaWJsZSAqLwogCQkJaWYoKHAgPSBzdHJjaHIoYnVmLCAn IycpKSkgewotCQkJCSpwID0gKGNoYXIpTlVMTDsKKwkJCQkqcCA9ICdcMCc7CiAJCQl9CiAKIAkJ CS8qIElnbm9yZSBtYWxmb3JtZWQgbGluZXMgYW5kIGNvbW1lbnRzICovCkBAIC00ODUsNiArNDg1 LDExIEBACiAJCQkJZGllKCJmcm9tX2Zvcm1hdCgpIC0tIHNucHJpbnRmKCkgZmFpbGVkIik7CiAJ CQl9CiAJCX0KKwkJZWxzZSB7CisJCQlpZihzbnByaW50ZihidWYsIEJVRl9TWiwgIiVzIiwgc3Ry KSA9PSAtMSkgeworCQkJCWRpZSgiZnJvbV9mb3JtYXQoKSAtLSBzbnByaW50ZigpIGZhaWxlZCIp OworCQkJfQorCQl9CiAJfQogCiAjaWYgMApAQCAtNTE2LDcgKzUyMSw3IEBACiAjZW5kaWYKIAog CS8qIElnbm9yZSBtaXNzaW5nIHVzZXJuYW1lcyAqLwotCWlmKCpzdHIgPT0gKGNoYXIpTlVMTCkg eworCWlmKCpzdHIgPT0gJ1wwJykgewogCQlyZXR1cm47CiAJfQogCkBAIC01NzMsNyArNTc4LDcg QEAKIAkJfQogCiAJCS8qIEVuZCBvZiBzdHJpbmc/ICovCi0JCWlmKCoocSArIDEpID09IChjaGFy KU5VTEwpIHsKKwkJaWYoKihxICsgMSkgPT0gJ1wwJykgewogCQkJZ290X2FkZHIgPSBUcnVlOwog CQl9CiAKQEAgLTU4MSw3ICs1ODYsNyBAQAogCQlpZigoKnEgPT0gJywnKSAmJiAoaW5fcXVvdGVz ID09IEZhbHNlKSkgewogCQkJZ290X2FkZHIgPSBUcnVlOwogCi0JCQkqcSA9IChjaGFyKU5VTEw7 CisJCQkqcSA9ICdcMCc7CiAJCX0KIAogCQlpZihnb3RfYWRkcikgewpAQCAtNjczLDcgKzY3OCw3 IEBACiAJaWYoc3RybmNhc2VjbXAoaHQtPnN0cmluZywgIkZyb206IiwgNSkgPT0gMCkgewogI2lm IDEKIAkJLyogSGFjayBjaGVjayBmb3IgTlVMTCBGcm9tOiBsaW5lICovCi0JCWlmKCoocCArIDYp ID09IChjaGFyKU5VTEwpIHsKKwkJaWYoKihwICsgNikgPT0gJ1wwJykgewogCQkJcmV0dXJuOwog CQl9CiAjZW5kaWYKQEAgLTczOCw3ICs3NDMsNyBAQAogCXNpemVfdCBzaXplID0gQlVGX1NaLCBs ZW4gPSAwOwogCWNoYXIgKnAgPSAoY2hhciAqKU5VTEwsICpxOwogCWJvb2xfdCBpbl9oZWFkZXIg PSBUcnVlOwotCWNoYXIgbCA9IChjaGFyKU5VTEw7CisJY2hhciBsID0gJ1wwJzsKIAlpbnQgYzsK IAogCXdoaWxlKGluX2hlYWRlciAmJiAoKGMgPSBmZ2V0YyhzdHJlYW0pKSAhPSBFT0YpKSB7CkBA IC03NzMsOSArNzc4LDkgQEAKIAkJCQkJCWluX2hlYWRlciA9IEZhbHNlOwogCiAJCQkJZGVmYXVs dDoKLQkJCQkJCSpxID0gKGNoYXIpTlVMTDsKKwkJCQkJCSpxID0gJ1wwJzsKIAkJCQkJCWlmKChx ID0gc3RycmNocihwLCAnXG4nKSkpIHsKLQkJCQkJCQkqcSA9IChjaGFyKU5VTEw7CisJCQkJCQkJ KnEgPSAnXDAnOwogCQkJCQkJfQogCQkJCQkJaGVhZGVyX3NhdmUocCk7CiAKQEAgLTgwNiw5ICs4 MTEsOSBAQAogCQkJCQkJaW5faGVhZGVyID0gRmFsc2U7CiAKIAkJCQlkZWZhdWx0OgotCQkJCQkJ KnEgPSAoY2hhcilOVUxMOworCQkJCQkJKnEgPSAnXDAnOwogCQkJCQkJaWYoKHEgPSBzdHJyY2hy KHAsICdcbicpKSkgewotCQkJCQkJCSpxID0gKGNoYXIpTlVMTDsKKwkJCQkJCQkqcSA9ICdcMCc7 CiAJCQkJCQl9CiAJCQkJCQloZWFkZXJfc2F2ZShwKTsKIApAQCAtODgyLDcgKzg4Nyw3IEBACiAJ CWNoYXIgKnJpZ2h0c2lkZTsKIAkJLyogTWFrZSBjb21tZW50cyBpbnZpc2libGUgKi8KIAkJaWYo KHAgPSBzdHJjaHIoYnVmLCAnIycpKSkgewotCQkJKnAgPSAoY2hhcilOVUxMOworCQkJKnAgPSAn XDAnOwogCQl9CiAKIAkJLyogSWdub3JlIG1hbGZvcm1lZCBsaW5lcyBhbmQgY29tbWVudHMgKi8K QEAgLTEzMTAsNyArMTMxNSw3IEBACiAJCQlidWZbaSsrXSA9IGM7CiAJCX0KIAl9Ci0JYnVmW2ld ID0gKGNoYXIpTlVMTDsKKwlidWZbaV0gPSAnXDAnOwogCiAJcmV0dXJuKGJ1Zik7CiB9CkBAIC0x NzIzLDcgKzE3MjgsNyBAQAogCQlqID0gMDsKIAogCQlhZGQgPSAxOwotCQl3aGlsZShhcmd2W2ld Wysral0gIT0gKGNoYXIpTlVMTCkgeworCQl3aGlsZShhcmd2W2ldWysral0gIT0gJ1wwJykgewog CQkJc3dpdGNoKGFyZ3ZbaV1bal0pIHsKICNpZmRlZiBJTkVUNgogCQkJY2FzZSAnNic6Cg== 165005 2008-09-09 12:34 0000 ssmtp-unitialized-strdup.patch ssmtp-unitialized-strdup.patch text/plain LS0tIHNzbXRwLm9yaWcvc3NtdHAuYworKysgc3NtdHAvc3NtdHAuYwpAQCAtNDg1LDYgKzQ4NSwx MSBAQCBjaGFyICpmcm9tX2Zvcm1hdChjaGFyICpzdHIsIGJvb2xfdCBvdmVyCiAJCQkJZGllKCJm cm9tX2Zvcm1hdCgpIC0tIHNucHJpbnRmKCkgZmFpbGVkIik7CiAJCQl9CiAJCX0KKwkJZWxzZSB7 CisJCQlpZihzbnByaW50ZihidWYsIEJVRl9TWiwgIiVzIiwgc3RyKSA9PSAtMSkgeworCQkJCWRp ZSgiZnJvbV9mb3JtYXQoKSAtLSBzbnByaW50ZigpIGZhaWxlZCIpOworCQkJfQorCQl9CiAJfQog CiAjaWYgMAo=