Gentoo's Bugzilla – Attachment 163507 Details for
Bug 234391
mail-mta/ssmtp <2.62-r3 unitialized memory disclosure (CVE-2008-3962)
[patch]
Updated patch. Removed fix for off-by-one that wasn't an off-by-one.
ssmtp-2.62-typecasts-and-from-fix.patch (text/plain), 3.95 KB, created by
Maurice van der Pot (RETIRED)
on 2008-08-21 17:57:12 UTC
Description:
Updated patch. Removed fix for off-by-one that wasn't an off-by-one.
Creator:
Maurice van der Pot (RETIRED)
Created:
2008-08-21 17:57:12 UTC
Size:
3.95 KB
>diff -ruN ssmtp-original/ssmtp.c ssmtp-fixed/ssmtp.c
>--- ssmtp-original/ssmtp.c 2008-08-10 18:26:33.000000000 +0200
>+++ ssmtp-fixed/ssmtp.c 2008-08-10 19:38:22.000000000 +0200
>@@ -55,21 +55,21 @@
>
> #define ARPADATE_LENGTH 32 /* Current date in RFC format */
> char arpadate[ARPADATE_LENGTH];
>-char *auth_user = (char)NULL;
>-char *auth_pass = (char)NULL;
>-char *auth_method = (char)NULL; /* Mechanism for SMTP authentication */
>-char *mail_domain = (char)NULL;
>-char *from = (char)NULL; /* Use this as the From: address */
>+char *auth_user = (char *)NULL;
>+char *auth_pass = (char *)NULL;
>+char *auth_method = (char *)NULL; /* Mechanism for SMTP authentication */
>+char *mail_domain = (char *)NULL;
>+char *from = (char *)NULL; /* Use this as the From: address */
> char *hostname;
> char *mailhost = "mailhub";
>-char *minus_f = (char)NULL;
>-char *minus_F = (char)NULL;
>+char *minus_f = (char *)NULL;
>+char *minus_F = (char *)NULL;
> char *gecos;
>-char *prog = (char)NULL;
>+char *prog = (char *)NULL;
> char *root = NULL;
> char *tls_cert = "/etc/ssl/certs/ssmtp.pem"; /* Default Certificate */
>-char *uad = (char)NULL;
>-char *config_file = (char)NULL; /* alternate configuration file */
>+char *uad = (char *)NULL;
>+char *config_file = (char *)NULL; /* alternate configuration file */
>
> headers_t headers, *ht;
>
>@@ -261,7 +261,7 @@
>
> p = (str + strlen(str));
> while(isspace(*--p)) {
>- *p = (char)NULL;
>+ *p = '\0';
> }
>
> return(p);
>@@ -287,7 +287,7 @@
> q++;
>
> if((p = strchr(q, '>'))) {
>- *p = (char)NULL;
>+ *p = '\0';
> }
>
> #if 0
>@@ -310,7 +310,7 @@
> q = strip_post_ws(p);
> if(*q == ')') {
> while((*--q != '('));
>- *q = (char)NULL;
>+ *q = '\0';
> }
> (void)strip_post_ws(p);
>
>@@ -353,7 +353,7 @@
> char *p;
>
> if((p = strchr(str, '\n'))) {
>- *p = (char)NULL;
>+ *p = '\0';
> }
>
> /* Any line beginning with a dot has an additional dot inserted;
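Review bot: In the `@@ -261,7` hunk the loop `while(isspace(*--p))` has no lower bound, so for an empty or all-whitespace string it moves `p` in front of `str` and reads, then writes, outside the buffer. The same unbounded backward walk is in `while((*--q != '('));` in the `@@ -310,7` hunk when the text ends in ')' with no earlier '('. The patch only changes how the terminator is spelled on these lines, so both walks remain. I would bound them with `while(p > str && isspace((unsigned char)*--p)) {` and, assuming `p` is the start of the string handed to strip_post_ws(), `while(q > p && *--q != '(');` followed by `if(*q == '(') *q = '\0';`. Both enclosing functions start and end outside the hunks, so check the change against how callers use the returned pointer.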
>@@ -386,7 +386,7 @@
> while(fgets(buf, sizeof(buf), fp)) {
> /* Make comments invisible */
> if((p = strchr(buf, '#'))) {
>- *p = (char)NULL;
>+ *p = '\0';
> }
>
> /* Ignore malformed lines and comments */
>@@ -485,6 +485,11 @@
> die("from_format() -- snprintf() failed");
> }
> }
>+ else {
>+ if(snprintf(buf, BUF_SZ, "%s", str) == -1) {
>+ die("from_format() -- snprintf() failed");
>+ }
>+ }
> }
>
> #if 0
>@@ -516,7 +521,7 @@
> #endif
>
> /* Ignore missing usernames */
>- if(*str == (char)NULL) {
>+ if(*str == '\0') {
> return;
> }
>
>@@ -573,7 +578,7 @@
> }
>
> /* End of string? */
>- if(*(q + 1) == (char)NULL) {
>+ if(*(q + 1) == '\0') {
> got_addr = True;
> }
>
>@@ -581,7 +586,7 @@
> if((*q == ',') && (in_quotes == False)) {
> got_addr = True;
>
>- *q = (char)NULL;
>+ *q = '\0';
> }
>
> if(got_addr) {
>@@ -673,7 +678,7 @@
> if(strncasecmp(ht->string, "From:", 5) == 0) {
> #if 1
> /* Hack check for NULL From: line */
>- if(*(p + 6) == (char)NULL) {
>+ if(*(p + 6) == '\0') {
> return;
> }
> #endif
>@@ -738,7 +743,7 @@
> size_t size = BUF_SZ, len = 0;
> char *p = (char *)NULL, *q;
> bool_t in_header = True;
>- char l = (char)NULL;
>+ char l = '\0';
> int c;
>
> while(in_header && ((c = fgetc(stream)) != EOF)) {
>@@ -773,9 +778,9 @@
> in_header = False;
>
> default:
>- *q = (char)NULL;
>+ *q = '\0';
> if((q = strrchr(p, '\n'))) {
>- *q = (char)NULL;
>+ *q = '\0';
> }
> header_save(p);
>
>@@ -806,9 +811,9 @@
> in_header = False;
>
> default:
>- *q = (char)NULL;
>+ *q = '\0';
> if((q = strrchr(p, '\n'))) {
>- *q = (char)NULL;
>+ *q = '\0';
> }
> header_save(p);
>
>@@ -882,7 +887,7 @@
> char *rightside;
> /* Make comments invisible */
> if((p = strchr(buf, '#'))) {
>- *p = (char)NULL;
>+ *p = '\0';
> }
>
> /* Ignore malformed lines and comments */
>@@ -1310,7 +1315,7 @@
> buf[i++] = c;
> }
> }
>- buf[i] = (char)NULL;
>+ buf[i] = '\0';
>
> return(buf);
> }
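Review bot: The `else` branch added in the `@@ -485,6` hunk tests snprintf() only against -1, but a C99 snprintf() signals truncation by returning the length it would have written, so a `str` of BUF_SZ bytes or more is cut short without any error. If truncation should be fatal here, capture the result and test both ends: `int n = snprintf(buf, BUF_SZ, "%s", str);` then `if(n < 0 || n >= BUF_SZ) {`. The earlier branches of from_format() begin outside the hunk and presumably use the same `== -1` test, so they would need the same change. Going by the bug title, this branch appears to be what keeps `buf` from being used uninitialised, so a short comment saying that, such as `/* no other format applied: copy str so buf is always initialised */`, would help keep it from being dropped later.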
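Review bot: In the `@@ -773,9` and `@@ -806,9` hunks the case that sets `in_header = False;` runs straight into `default:` with no `break` visible between them. If that is intended, a `/* fall through */` comment on the line before `default:` would make it explicit and quiet compiler fall-through warnings. The switch statements start outside both hunks, so the case label itself is not visible here.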
>@@ -1723,7 +1728,7 @@
> j = 0;
>
> add = 1;
>- while(argv[i][++j] != (char)NULL) {
>+ while(argv[i][++j] != '\0') {
> switch(argv[i][j]) {
> #ifdef INET6
> case '6':
Attachments on
bug 234391
:
162630
| 163507 |
165005