diff options
author | sana kazi <sanakazisk19@gmail.com> | 2021-12-03 17:59:08 +0530 |
---|---|---|
committer | Armin Kuster <akuster808@gmail.com> | 2021-12-03 12:23:38 -0800 |
commit | 7804c8e5bd2975c9829e1667ab1954373a3ede48 (patch) | |
tree | a7535428a721fe86c03c5e274a52f6f4850ea27f | |
parent | 00ad99f4f9a06d66bd5686d2b1dd07c578c8dc2a (diff) | |
download | meta-openembedded-7804c8e5bd2975c9829e1667ab1954373a3ede48.tar.gz |
dovecot: Fix CVE-2020-12673
Added patch for CVE-2020-12673
Link: http://archive.ubuntu.com/ubuntu/pool/main/d/dovecot/dovecot_2.2.33.2-1ubuntu4.7.debian.tar.xz
Signed-off-by: Sana Kazi <Sana.Kazi@kpit.com>
Signed-off-by: Sana Kazi <sanakazisk19@gmail.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
-rw-r--r-- | meta-networking/recipes-support/dovecot/dovecot/0002-lib-ntlm-Check-buffer-length-on-responses.patch | 37 | ||||
-rw-r--r-- | meta-networking/recipes-support/dovecot/dovecot_2.2.36.4.bb | 1 |
2 files changed, 38 insertions, 0 deletions
diff --git a/meta-networking/recipes-support/dovecot/dovecot/0002-lib-ntlm-Check-buffer-length-on-responses.patch b/meta-networking/recipes-support/dovecot/dovecot/0002-lib-ntlm-Check-buffer-length-on-responses.patch new file mode 100644 index 000000000..81aead8aa --- /dev/null +++ b/meta-networking/recipes-support/dovecot/dovecot/0002-lib-ntlm-Check-buffer-length-on-responses.patch | |||
@@ -0,0 +1,37 @@ | |||
1 | Backport of: | ||
2 | |||
3 | From 1c6405d3026e5ceae3d214d63945bba85251af4c Mon Sep 17 00:00:00 2001 | ||
4 | From: Aki Tuomi <aki.tuomi@open-xchange.com> | ||
5 | Date: Mon, 18 May 2020 12:33:39 +0300 | ||
6 | Subject: [PATCH 2/3] lib-ntlm: Check buffer length on responses | ||
7 | |||
8 | Add missing check for buffer length. | ||
9 | |||
10 | If this is not checked, it is possible to send message which | ||
11 | causes read past buffer bug. | ||
12 | |||
13 | Broken in c7480644202e5451fbed448508ea29a25cffc99c | ||
14 | --- | ||
15 | src/lib-ntlm/ntlm-message.c | 5 +++++ | ||
16 | 1 file changed, 5 insertions(+) | ||
17 | |||
18 | Signed-off-by: Sana Kazi <Sana.Kazi@kpit.com> | ||
19 | |||
20 | CVE: CVE-2020-12673 | ||
21 | Upstream-Status: Backport [http://archive.ubuntu.com/ubuntu/pool/main/d/dovecot/dovecot_2.2.33.2-1ubuntu4.7.debian.tar.xz] | ||
22 | Comment: No change in any hunk | ||
23 | |||
24 | --- a/src/lib-ntlm/ntlm-message.c | ||
25 | +++ b/src/lib-ntlm/ntlm-message.c | ||
26 | @@ -184,6 +184,11 @@ static int ntlmssp_check_buffer(const st | ||
27 | if (length == 0 && space == 0) | ||
28 | return 1; | ||
29 | |||
30 | + if (length > data_size) { | ||
31 | + *error = "buffer length out of bounds"; | ||
32 | + return 0; | ||
33 | + } | ||
34 | + | ||
35 | if (offset >= data_size) { | ||
36 | *error = "buffer offset out of bounds"; | ||
37 | return 0; | ||
diff --git a/meta-networking/recipes-support/dovecot/dovecot_2.2.36.4.bb b/meta-networking/recipes-support/dovecot/dovecot_2.2.36.4.bb index 407604c81..e36e51c28 100644 --- a/meta-networking/recipes-support/dovecot/dovecot_2.2.36.4.bb +++ b/meta-networking/recipes-support/dovecot/dovecot_2.2.36.4.bb | |||
@@ -24,6 +24,7 @@ SRC_URI = "http://dovecot.org/releases/2.2/dovecot-${PV}.tar.gz \ | |||
24 | file://0012-lib-mail-Fix-handling-trailing-in-MIME-boundaries.patch \ | 24 | file://0012-lib-mail-Fix-handling-trailing-in-MIME-boundaries.patch \ |
25 | file://0013-lib-mail-Fix-parse_too_many_nested_mime_parts.patch \ | 25 | file://0013-lib-mail-Fix-parse_too_many_nested_mime_parts.patch \ |
26 | file://buffer_free_fix.patch \ | 26 | file://buffer_free_fix.patch \ |
27 | file://0002-lib-ntlm-Check-buffer-length-on-responses.patch \ | ||
27 | " | 28 | " |
28 | 29 | ||
29 | SRC_URI[md5sum] = "66c4d71858b214afee5b390ee602dee2" | 30 | SRC_URI[md5sum] = "66c4d71858b214afee5b390ee602dee2" |