diff options
author | drochner <drochner@pkgsrc.org> | 2012-08-09 10:06:46 +0000 |
---|---|---|
committer | drochner <drochner@pkgsrc.org> | 2012-08-09 10:06:46 +0000 |
commit | d62a45d9dcae6b04ddb7d15ca0c52335cd04e3d1 (patch) | |
tree | 909fc21f2e420c916a72ffc940ba99812c92eb77 /chat | |
parent | 43163dc9479bce78cd2eb1c9e347f9904b89cdf8 (diff) | |
download | pkgsrc-d62a45d9dcae6b04ddb7d15ca0c52335cd04e3d1.tar.gz |
att patches from upstream to fix buffer overflow in the base64
decoder which can lead to crashes or potentially code injection
(CVE-2012-3461)
bump PKGREV
Diffstat (limited to 'chat')
-rw-r--r-- | chat/libotr/Makefile | 4 | ||||
-rw-r--r-- | chat/libotr/distinfo | 6 | ||||
-rw-r--r-- | chat/libotr/patches/patch-CVE-2012-3461-aa | 46 | ||||
-rw-r--r-- | chat/libotr/patches/patch-CVE-2012-3461-ab | 36 | ||||
-rw-r--r-- | chat/libotr/patches/patch-CVE-2012-3461-ac | 45 | ||||
-rw-r--r-- | chat/libotr/patches/patch-CVE-2012-3461-ad | 27 |
6 files changed, 161 insertions, 3 deletions
diff --git a/chat/libotr/Makefile b/chat/libotr/Makefile index 5a8a70b1222..fbd10d13dff 100644 --- a/chat/libotr/Makefile +++ b/chat/libotr/Makefile @@ -1,8 +1,8 @@ -# $NetBSD: Makefile,v 1.10 2011/04/22 13:42:48 obache Exp $ +# $NetBSD: Makefile,v 1.11 2012/08/09 10:06:46 drochner Exp $ VERSION= 3.2.0 DISTNAME= libotr-${VERSION} -PKGREVISION= 1 +PKGREVISION= 2 CATEGORIES= chat security MASTER_SITES= http://www.cypherpunks.ca/otr/ diff --git a/chat/libotr/distinfo b/chat/libotr/distinfo index 293864d70ce..50b4bfa1c0d 100644 --- a/chat/libotr/distinfo +++ b/chat/libotr/distinfo @@ -1,5 +1,9 @@ -$NetBSD: distinfo,v 1.6 2008/06/17 13:58:08 gdt Exp $ +$NetBSD: distinfo,v 1.7 2012/08/09 10:06:47 drochner Exp $ SHA1 (libotr-3.2.0.tar.gz) = e5e10b8ddaf59b0ada6046d156d0431cd2790db9 RMD160 (libotr-3.2.0.tar.gz) = 937f512415eb3b82d5730b1aafbe5d55f4f153da Size (libotr-3.2.0.tar.gz) = 430299 bytes +SHA1 (patch-CVE-2012-3461-aa) = f1faa1e43da256d44194817aeb59b3e92ddaffb2 +SHA1 (patch-CVE-2012-3461-ab) = 2827193d1cd440700f09cd7312ec9954a81aea11 +SHA1 (patch-CVE-2012-3461-ac) = abbecb337f3a7109b4a41debb2109528c64e22a0 +SHA1 (patch-CVE-2012-3461-ad) = 13edba7d8f16fc122ce2fd4fb2579e7e70056d5a diff --git a/chat/libotr/patches/patch-CVE-2012-3461-aa b/chat/libotr/patches/patch-CVE-2012-3461-aa new file mode 100644 index 00000000000..a87e9fff30e --- /dev/null +++ b/chat/libotr/patches/patch-CVE-2012-3461-aa @@ -0,0 +1,46 @@ +$NetBSD: patch-CVE-2012-3461-aa,v 1.1 2012/08/09 10:06:47 drochner Exp $ + +--- src/b64.c.orig 2008-05-27 12:35:28.000000000 +0000 ++++ src/b64.c +@@ -55,7 +55,7 @@ VERSION HISTORY: + \******************************************************************* */ + + /* system headers */ +-#include <stdlib.h> ++#include <stdio.h> + #include <string.h> + + /* libotr headers */ +@@ -147,8 +147,9 @@ static size_t decode(unsigned char *out, + * base64 decode data. Skip non-base64 chars, and terminate at the + * first '=', or the end of the buffer. + * +- * The buffer data must contain at least (base64len / 4) * 3 bytes of +- * space. This function will return the number of bytes actually used. ++ * The buffer data must contain at least ((base64len+3) / 4) * 3 bytes ++ * of space. This function will return the number of bytes actually ++ * used. + */ + size_t otrl_base64_decode(unsigned char *data, const char *base64data, + size_t base64len) +@@ -234,13 +235,18 @@ int otrl_base64_otr_decode(const char *m + return -2; + } + ++ /* Skip over the "?OTR:" */ ++ otrtag += 5; ++ msglen -= 5; ++ + /* Base64-decode the message */ +- rawlen = ((msglen-5) / 4) * 3; /* maximum possible */ ++ rawlen = OTRL_B64_MAX_DECODED_SIZE(msglen); /* maximum possible */ + rawmsg = malloc(rawlen); + if (!rawmsg && rawlen > 0) { + return -1; + } +- rawlen = otrl_base64_decode(rawmsg, otrtag+5, msglen-5); /* actual size */ ++ ++ rawlen = otrl_base64_decode(rawmsg, otrtag, msglen); /* actual size */ + + *bufp = rawmsg; + *lenp = rawlen; diff --git a/chat/libotr/patches/patch-CVE-2012-3461-ab b/chat/libotr/patches/patch-CVE-2012-3461-ab new file mode 100644 index 00000000000..303da92fd1f --- /dev/null +++ b/chat/libotr/patches/patch-CVE-2012-3461-ab @@ -0,0 +1,36 @@ +$NetBSD: patch-CVE-2012-3461-ab,v 1.1 2012/08/09 10:06:47 drochner Exp $ + +--- src/b64.h.orig 2008-05-27 12:35:28.000000000 +0000 ++++ src/b64.h +@@ -20,6 +20,19 @@ + #ifndef __B64_H__ + #define __B64_H__ + ++#include <stdlib.h> ++ ++/* Base64 encodes blocks of this many bytes: */ ++#define OTRL_B64_DECODED_LEN 3 ++/* into blocks of this many bytes: */ ++#define OTRL_B64_ENCODED_LEN 4 ++ ++/* An encoded block of length encoded_len can turn into a maximum of ++ * this many decoded bytes: */ ++#define OTRL_B64_MAX_DECODED_SIZE(encoded_len) \ ++ (((encoded_len + OTRL_B64_ENCODED_LEN - 1) / OTRL_B64_ENCODED_LEN) \ ++ * OTRL_B64_DECODED_LEN) ++ + /* + * base64 encode data. Insert no linebreaks or whitespace. + * +@@ -33,8 +46,9 @@ size_t otrl_base64_encode(char *base64da + * base64 decode data. Skip non-base64 chars, and terminate at the + * first '=', or the end of the buffer. + * +- * The buffer data must contain at least (base64len / 4) * 3 bytes of +- * space. This function will return the number of bytes actually used. ++ * The buffer data must contain at least ((base64len+3) / 4) * 3 bytes ++ * of space. This function will return the number of bytes actually ++ * used. + */ + size_t otrl_base64_decode(unsigned char *data, const char *base64data, + size_t base64len); diff --git a/chat/libotr/patches/patch-CVE-2012-3461-ac b/chat/libotr/patches/patch-CVE-2012-3461-ac new file mode 100644 index 00000000000..1690cb856d1 --- /dev/null +++ b/chat/libotr/patches/patch-CVE-2012-3461-ac @@ -0,0 +1,45 @@ +$NetBSD: patch-CVE-2012-3461-ac,v 1.1 2012/08/09 10:06:47 drochner Exp $ + +--- src/proto.c.orig 2008-05-27 12:35:28.000000000 +0000 ++++ src/proto.c +@@ -537,13 +537,17 @@ gcry_error_t otrl_proto_data_read_flags( + msglen = strlen(otrtag); + } + ++ /* Skip over the "?OTR:" */ ++ otrtag += 5; ++ msglen -= 5; ++ + /* Base64-decode the message */ +- rawlen = ((msglen-5) / 4) * 3; /* maximum possible */ ++ rawlen = OTRL_B64_MAX_DECODED_SIZE(msglen); /* maximum possible */ + rawmsg = malloc(rawlen); + if (!rawmsg && rawlen > 0) { + return gcry_error(GPG_ERR_ENOMEM); + } +- rawlen = otrl_base64_decode(rawmsg, otrtag+5, msglen-5); /* actual size */ ++ rawlen = otrl_base64_decode(rawmsg, otrtag, msglen); /* actual size */ + + bufp = rawmsg; + lenp = rawlen; +@@ -606,14 +610,18 @@ gcry_error_t otrl_proto_accept_data(char + msglen = strlen(otrtag); + } + ++ /* Skip over the "?OTR:" */ ++ otrtag += 5; ++ msglen -= 5; ++ + /* Base64-decode the message */ +- rawlen = ((msglen-5) / 4) * 3; /* maximum possible */ ++ rawlen = OTRL_B64_MAX_DECODED_SIZE(msglen); /* maximum possible */ + rawmsg = malloc(rawlen); + if (!rawmsg && rawlen > 0) { + err = gcry_error(GPG_ERR_ENOMEM); + goto err; + } +- rawlen = otrl_base64_decode(rawmsg, otrtag+5, msglen-5); /* actual size */ ++ rawlen = otrl_base64_decode(rawmsg, otrtag, msglen); /* actual size */ + + bufp = rawmsg; + lenp = rawlen; diff --git a/chat/libotr/patches/patch-CVE-2012-3461-ad b/chat/libotr/patches/patch-CVE-2012-3461-ad new file mode 100644 index 00000000000..478448a2d33 --- /dev/null +++ b/chat/libotr/patches/patch-CVE-2012-3461-ad @@ -0,0 +1,27 @@ +$NetBSD: patch-CVE-2012-3461-ad,v 1.1 2012/08/09 10:06:47 drochner Exp $ + +--- toolkit/parse.c.orig 2008-05-27 12:35:28.000000000 +0000 ++++ toolkit/parse.c +@@ -64,7 +64,8 @@ static unsigned char *decode(const char + { + const char *header, *footer; + unsigned char *raw; +- ++ size_t rawlen; ++ + /* Find the header */ + header = strstr(msg, "?OTR:"); + if (!header) return NULL; +@@ -75,8 +76,10 @@ static unsigned char *decode(const char + footer = strchr(header, '.'); + if (!footer) footer = header + strlen(header); + +- raw = malloc((footer-header) / 4 * 3); +- if (raw == NULL && (footer-header >= 4)) return NULL; ++ rawlen = OTRL_B64_MAX_DECODED_SIZE(footer-header); ++ ++ raw = malloc(rawlen); ++ if (raw == NULL && rawlen > 0) return NULL; + *lenp = otrl_base64_decode(raw, header, footer-header); + + return raw; |