dovecot: Fix CVE-2020-12673

Added patch for CVE-2020-12673 Link: http://archive.ubuntu.com/ubuntu/pool/main/d/dovecot/dovecot_2.2.33.2-1ubuntu4.7.debian.tar.xz Signed-off-by: Sana Kazi <Sana.Kazi@kpit.com> Signed-off-by: Sana Kazi <sanakazisk19@gmail.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
author: sana kazi <sanakazisk19@gmail.com> 2021-12-03 17:59:08 +0530
committer: Armin Kuster <akuster808@gmail.com> 2021-12-03 12:23:38 -0800
commit: 7804c8e5bd2975c9829e1667ab1954373a3ede48 (patch)
tree: a7535428a721fe86c03c5e274a52f6f4850ea27f
parent: 00ad99f4f9a06d66bd5686d2b1dd07c578c8dc2a (diff)
download: meta-openembedded-7804c8e5bd2975c9829e1667ab1954373a3ede48.tar.gz
2 files changed, 38 insertions, 0 deletions
diff --git a/meta-networking/recipes-support/dovecot/dovecot/0002-lib-ntlm-Check-buffer-length-on-responses.patch b/meta-networking/recipes-support/dovecot/dovecot/0002-lib-ntlm-Check-buffer-length-on-responses.patch
new file mode 100644
index 000000000..81aead8aa
--- /dev/null
+++ b/meta-networking/recipes-support/dovecot/dovecot/0002-lib-ntlm-Check-buffer-length-on-responses.patch
@@ -0,0 +1,37 @@
+Backport of:
+From 1c6405d3026e5ceae3d214d63945bba85251af4c Mon Sep 17 00:00:00 2001
+From: Aki Tuomi <aki.tuomi@open-xchange.com>
+Date: Mon, 18 May 2020 12:33:39 +0300
+Subject: [PATCH 2/3] lib-ntlm: Check buffer length on responses
+Add missing check for buffer length.
+If this is not checked, it is possible to send message which
+causes read past buffer bug.
+Broken in c7480644202e5451fbed448508ea29a25cffc99c
+---
+ src/lib-ntlm/ntlm-message.c | 5 +++++
+ 1 file changed, 5 insertions(+)
+Signed-off-by: Sana Kazi <Sana.Kazi@kpit.com>
+CVE: CVE-2020-12673
+Upstream-Status: Backport [http://archive.ubuntu.com/ubuntu/pool/main/d/dovecot/dovecot_2.2.33.2-1ubuntu4.7.debian.tar.xz]
+Comment: No change in any hunk
+--- a/src/lib-ntlm/ntlm-message.c
+++ b/src/lib-ntlm/ntlm-message.c
+@@ -184,6 +184,11 @@ static int ntlmssp_check_buffer(const st
+        if (length == 0 && space == 0)
+                return 1;
+ 
+       if (length > data_size) {
+               *error = "buffer length out of bounds";
+               return 0;
+       }
+
+        if (offset >= data_size) {
+                *error = "buffer offset out of bounds";
+                return 0;
diff --git a/meta-networking/recipes-support/dovecot/dovecot_2.2.36.4.bb b/meta-networking/recipes-support/dovecot/dovecot_2.2.36.4.bb
index 407604c81..e36e51c28 100644
--- a/meta-networking/recipes-support/dovecot/dovecot_2.2.36.4.bb
+++ b/meta-networking/recipes-support/dovecot/dovecot_2.2.36.4.bb
@@ -24,6 +24,7 @@ SRC_URI = "http://dovecot.org/releases/2.2/dovecot-${PV}.tar.gz \
           file://0012-lib-mail-Fix-handling-trailing-in-MIME-boundaries.patch \
           file://0013-lib-mail-Fix-parse_too_many_nested_mime_parts.patch \
           file://buffer_free_fix.patch \
+           file://0002-lib-ntlm-Check-buffer-length-on-responses.patch \
           "
 SRC_URI[md5sum] = "66c4d71858b214afee5b390ee602dee2"
author	sana kazi <sanakazisk19@gmail.com>	2021-12-03 17:59:08 +0530
committer	Armin Kuster <akuster808@gmail.com>	2021-12-03 12:23:38 -0800
commit	7804c8e5bd2975c9829e1667ab1954373a3ede48 (patch)
tree	a7535428a721fe86c03c5e274a52f6f4850ea27f
parent	00ad99f4f9a06d66bd5686d2b1dd07c578c8dc2a (diff)
download	meta-openembedded-7804c8e5bd2975c9829e1667ab1954373a3ede48.tar.gz

diff --git a/meta-networking/recipes-support/dovecot/dovecot/0002-lib-ntlm-Check-buffer-length-on-responses.patch b/meta-networking/recipes-support/dovecot/dovecot/0002-lib-ntlm-Check-buffer-length-on-responses.patch new file mode 100644 index 000000000..81aead8aa --- /dev/null +++ b/meta-networking/recipes-support/dovecot/dovecot/0002-lib-ntlm-Check-buffer-length-on-responses.patch
@@ -0,0 +1,37 @@
		1	Backport of:
		2
		3	From 1c6405d3026e5ceae3d214d63945bba85251af4c Mon Sep 17 00:00:00 2001
		4	From: Aki Tuomi <aki.tuomi@open-xchange.com>
		5	Date: Mon, 18 May 2020 12:33:39 +0300
		6	Subject: [PATCH 2/3] lib-ntlm: Check buffer length on responses
		7
		8	Add missing check for buffer length.
		9
		10	If this is not checked, it is possible to send message which
		11	causes read past buffer bug.
		12
		13	Broken in c7480644202e5451fbed448508ea29a25cffc99c
		14	---
		15	src/lib-ntlm/ntlm-message.c \| 5 +++++
		16	1 file changed, 5 insertions(+)
		17
		18	Signed-off-by: Sana Kazi <Sana.Kazi@kpit.com>
		19
		20	CVE: CVE-2020-12673
		21	Upstream-Status: Backport [http://archive.ubuntu.com/ubuntu/pool/main/d/dovecot/dovecot_2.2.33.2-1ubuntu4.7.debian.tar.xz]
		22	Comment: No change in any hunk
		23
		24	--- a/src/lib-ntlm/ntlm-message.c
		25	+++ b/src/lib-ntlm/ntlm-message.c
		26	@@ -184,6 +184,11 @@ static int ntlmssp_check_buffer(const st
		27	if (length == 0 && space == 0)
		28	return 1;
		29
		30	+ if (length > data_size) {
		31	+ *error = "buffer length out of bounds";
		32	+ return 0;
		33	+ }
		34	+
		35	if (offset >= data_size) {
		36	*error = "buffer offset out of bounds";
		37	return 0;


diff --git a/meta-networking/recipes-support/dovecot/dovecot_2.2.36.4.bb b/meta-networking/recipes-support/dovecot/dovecot_2.2.36.4.bb index 407604c81..e36e51c28 100644 --- a/meta-networking/recipes-support/dovecot/dovecot_2.2.36.4.bb +++ b/meta-networking/recipes-support/dovecot/dovecot_2.2.36.4.bb
@@ -24,6 +24,7 @@ SRC_URI = "http://dovecot.org/releases/2.2/dovecot-${PV}.tar.gz \
24	file://0012-lib-mail-Fix-handling-trailing-in-MIME-boundaries.patch \	24	file://0012-lib-mail-Fix-handling-trailing-in-MIME-boundaries.patch \
25	file://0013-lib-mail-Fix-parse_too_many_nested_mime_parts.patch \	25	file://0013-lib-mail-Fix-parse_too_many_nested_mime_parts.patch \
26	file://buffer_free_fix.patch \	26	file://buffer_free_fix.patch \
		27	file://0002-lib-ntlm-Check-buffer-length-on-responses.patch \
27	"	28	"
28		29
29	SRC_URI[md5sum] = "66c4d71858b214afee5b390ee602dee2"	30	SRC_URI[md5sum] = "66c4d71858b214afee5b390ee602dee2"