Update to 1.5 to fix security vulnerability issues.

- Add more patches to totally eliminate strcpy(); this code is horrible.
author: christos <christos@pkgsrc.org> 2005-04-13 16:19:59 +0000
committer: christos <christos@pkgsrc.org> 2005-04-13 16:19:59 +0000
commit: e8f1c6171bfcda41ce6bf3bf1e4e57ee67e184e4 (patch)
tree: 212be61f39b67c3ad360283029dbab130083c523 /mail/gld/patches
parent: 35de2919d327b7123a9b9fd7378af8dc47645d66 (diff)
download: pkgsrc-e8f1c6171bfcda41ce6bf3bf1e4e57ee67e184e4.tar.gz
2 files changed, 311 insertions, 5 deletions
diff --git a/mail/gld/patches/patch-aa b/mail/gld/patches/patch-aa
index 54ec17d64a0..7cf57442817 100644
--- a/mail/gld/patches/patch-aa
+++ b/mail/gld/patches/patch-aa
@@ -1,15 +1,15 @@
-$NetBSD: patch-aa,v 1.1.1.1 2004/11/25 05:42:40 xtraeme Exp $
+$NetBSD: patch-aa,v 1.2 2005/04/13 16:19:59 christos Exp $
 
---- Makefile.in.orig	2004-07-14 22:52:53.000000000 +0200
-+++ Makefile.in	2004-11-25 05:53:05.000000000 +0100
+--- Makefile.in.orig	2004-10-12 08:41:49.000000000 -0400
++++ Makefile.in	2005-04-13 11:53:50.000000000 -0400
 @@ -1,8 +1,8 @@
  all: gld
  
  gld: cnf.o server.o sql.o sockets.o greylist.o gld.h
--	@CC@ -O2 @DEFS@ -Wall server.o sql.o sockets.o cnf.o greylist.o @MYSQL_LIBS@ -o gld
+-	@CC@ -O2 @DEFS@ -Wall server.o sql.o sockets.o cnf.o greylist.o @LIBS@ @SQL_LIBS@ -o gld
 -	strip gld
 +	@CC@ -O2 @DEFS@ -Wall server.o sql.o sockets.o cnf.o greylist.o \
-+		$(LDFLAGS) -lmysqlclient -o gld
++	    $(LDFLAGS) -lmysqlclient -o gld
  
  sockets.o: sockets.c sockets.h
  	@CC@ -O2 @DEFS@ -Wall -c sockets.c
diff --git a/mail/gld/patches/patch-ab b/mail/gld/patches/patch-ab
new file mode 100644
index 00000000000..9dc60be8e4e
--- /dev/null
+++ b/mail/gld/patches/patch-ab
@@ -0,0 +1,306 @@
+$NetBSD: patch-ab,v 1.1 2005/04/13 16:19:59 christos Exp $
+
+--- greylist.c.orig	2005-04-13 05:26:10.000000000 -0400
++++ greylist.c	2005-04-13 12:03:39.000000000 -0400
+@@ -21,8 +21,11 @@
+ 
+ ts=time(0);
+ strncpy(oip,ip,sizeof(oip)-1);
++oip[sizeof(oip)-1] = '\0';
+ strncpy(osender,sender,sizeof(osender)-1);
++osender[sizeof(osender)-1] = '\0';
+ strncpy(orecipient,recipient,sizeof(orecipient)-1);
++orecipient[sizeof(orecipient)-1] = '\0';
+ 
+ if(conf->debug==1) printf("%d: Starting the greylist algo\n",pid);
+ 
+@@ -68,10 +71,18 @@
+         if(conf->debug==1) printf("%d: lightgrey on domain is on, let's keep the domain only on recipient and sender\n",pid);
+ 
+         domain=(char *)strstr(osender,"@");
+-	if(domain!=NULL) strncpy(sender,domain,BLEN-1);
++	if(domain!=NULL)
++		{
++		strncpy(sender,domain,BLEN-1);
++		sender[BLEN-1] = '\0';
++		}
+ 
+         domain=(char *)strstr(orecipient,"@");
+-	if(domain!=NULL) strncpy(recipient,domain,BLEN-1);
++	if(domain!=NULL)
++		{
++		strncpy(recipient,domain,BLEN-1);
++		recipient[BLEN-1] = '\0';
++		}
+         }
+ 
+ //
+@@ -119,6 +130,7 @@
+ 		if(domain==NULL) domain=osender;
+ 
+ 		strncpy(netw,oip,sizeof(netw)-1);
++		netw[sizeof(netw)-1] = '\0';
+ 		l=strlen(netw);
+ 		for(i=l-1;i>=0;i--)
+ 			if(netw[i]=='.')
+@@ -148,7 +160,7 @@
+ 		if(x==4)
+ 			{
+ 			snprintf(query,sizeof(query)-1,"%d.%d.%d.%d.%s",d,c,b,a,conf->dnswl);
+-			n=DnsIp(query,NULL);
++			n=DnsIp(query,NULL, 0);
+ 			if(conf->debug==1) printf("%d: DNSQuery=(%s) result=%ld\n",pid,query,n);
+ 			if(n==0)
+ 				{
+--- cnf.c.orig	2005-04-13 12:06:54.000000000 -0400
++++ cnf.c	2005-04-13 12:11:51.000000000 -0400
+@@ -36,11 +36,16 @@
+ 
+ // We set the default values
+ 
+-strcpy(conf->sqlhost,"localhost");
+-strcpy(conf->sqluser,"myuser");
+-strcpy(conf->sqldb,"mydb");
+-strcpy(conf->sqlpasswd,"mypasswd");
+-strcpy(conf->message,"Greylisted");
++strncpy(conf->sqlhost,"localhost",sizeof(conf->sqlhost)-1);
++conf->sqlhost[sizeof(conf->sqlhost)-1] = '\0';
++strncpy(conf->sqluser,"myuser",sizeof(conf->sqluser)-1);
++conf->sqluser[sizeof(conf->sqluser)-1] = '\0';
++strncpy(conf->sqldb,"mydb",sizeof(conf->sqldb)-1);
++conf->sqldb[sizeof(conf->sqldb)-1] = '\0';
++strncpy(conf->sqlpasswd,"mypasswd",sizeof(conf->sqlpasswd)-1);
++conf->sqlpasswd[sizeof(conf->sqlpasswd)-1] = '\0';
++strncpy(conf->message,"Greylisted",sizeof(conf->message)-1);
++conf->message[sizeof(conf->message)-1] = '\0';
+ conf->port=2525;
+ conf->maxcon=100;
+ conf->mini=60;
+@@ -73,14 +78,46 @@
+ 		buffer[strlen(buffer)-1]=0;
+                 *p=0;
+                 if(strcmp(buffer,"CLIENTS")==0) ReadClients(conf,p+1);
+-                if(strcmp(buffer,"USER")==0) strcpy(conf->user,p+1);
+-                if(strcmp(buffer,"GROUP")==0) strcpy(conf->grp,p+1);
+-                if(strcmp(buffer,"DNSWL")==0) strcpy(conf->dnswl,p+1);
+-                if(strcmp(buffer,"SQLHOST")==0) strcpy(conf->sqlhost,p+1);
+-                if(strcmp(buffer,"SQLUSER")==0) strcpy(conf->sqluser,p+1);
+-                if(strcmp(buffer,"SQLDB")==0) strcpy(conf->sqldb,p+1);
+-                if(strcmp(buffer,"SQLPASSWD")==0) strcpy(conf->sqlpasswd,p+1);
+-                if(strcmp(buffer,"MESSAGE")==0) strcpy(conf->message,p+1);
++                if(strcmp(buffer,"USER")==0)
++			{
++			strncpy(conf->user,p+1,sizeof(conf->user)-1);
++			conf->user[sizeof(conf->user)-1] = '\0';
++			}
++                if(strcmp(buffer,"GROUP")==0)
++			{
++			strncpy(conf->grp,p+1,sizeof(conf->grp)-1);
++			conf->grp[sizeof(conf->grp)-1] = '\0';
++			}
++                if(strcmp(buffer,"DNSWL")==0)
++			{
++			strncpy(conf->dnswl,p+1,sizeof(conf->dnswl)-1);
++			conf->dnswl[sizeof(conf->dnswl)-1] = '\0';
++			}
++                if(strcmp(buffer,"SQLHOST")==0)
++			{
++			strncpy(conf->sqlhost,p+1,sizeof(conf->sqlhost)-1);
++			conf->sqlhost[sizeof(conf->sqlhost)-1] = '\0';
++			}
++                if(strcmp(buffer,"SQLUSER")==0)
++			{
++			strncpy(conf->sqluser,p+1,sizeof(conf->sqluser)-1);
++			conf->sqluser[sizeof(conf->sqluser)-1] = '\0';
++			}
++                if(strcmp(buffer,"SQLDB")==0)
++			{
++			strncpy(conf->sqldb,p+1,sizeof(conf->sqldb)-1);
++			conf->sqldb[sizeof(conf->sqldb)-1] = '\0';
++			}
++                if(strcmp(buffer,"SQLPASSWD")==0)
++			{
++			strncpy(conf->sqlpasswd,p+1,sizeof(conf->sqlpasswd)-1);
++			conf->sqlpasswd[sizeof(conf->sqlpasswd)-1] = '\0';
++			}
++                if(strcmp(buffer,"MESSAGE")==0)
++			{
++			strncpy(conf->message,p+1,sizeof(conf->message)-1);
++			conf->message[sizeof(conf->message)-1] = '\0';
++			}
+                 if(strcmp(buffer,"PORT")==0) conf->port=atoi(p+1);
+                 if(strcmp(buffer,"MAXCON")==0) conf->maxcon=atoi(p+1);
+                 if(strcmp(buffer,"MINTIME")==0) conf->mini=atol(p+1);
+--- server.c.orig	2005-04-13 03:28:29.000000000 -0400
++++ server.c	2005-04-13 12:15:36.000000000 -0400
+@@ -208,7 +208,7 @@
+ int pid;
+ 
+ pid=getpid();
+-GetPeerIp(s,ip,buff);
++GetPeerIp(s,ip,BLEN,buff,BLEN);
+ 
+ //
+ // We check if this IP is authorized to connect to us
+@@ -261,21 +261,34 @@
+ 	// Now, we are sure our buffer string length is no more than BLEN
+ 	// as all parameters are defined also as buffers with a BLEN size
+ 	// no buffer overflow is possible using strcpy .
++	// But what's the point. Protect it anyway.
+ 	//
+ 
+ 	if(strcmp(buff,"")==0) break;
+ 
+ 	if(strncmp(buff,"request=",8)==0)
+-		strcpy(request,buff+8);
++		{
++		strncpy(request,buff+8, sizeof(request)-1);
++		request[sizeof(request)-1] = '\0';
++		}
+ 
+ 	if(strncmp(buff,"sender=",7)==0)
+-		strcpy(sender,buff+7);
++		{
++		strncpy(sender,buff+7, sizeof(sender)-1);
++		sender[sizeof(sender)-1] = '\0';
++		}
+ 
+ 	if(strncmp(buff,"recipient=",10)==0)
+-		strcpy(recipient,buff+10);
++		{
++		strncpy(recipient,buff+10, sizeof(recipient)-1);
++		recipient[sizeof(recipient)-1] = '\0';
++		}
+ 
+ 	if(strncmp(buff,"client_address=",15)==0)
+-		strcpy(ip,buff+15);
++		{
++		strncpy(ip,buff+15,sizeof(ip)-1);
++		ip[sizeof(ip)-1] = '\0';
++		}
+ 
+ 	}
+ 
+@@ -300,7 +313,11 @@
+ // Now, we can safely use, str** functions
+ //
+ 
+-if(sender[0]==0) strcpy(sender,"void@void");
++if(sender[0]==0)
++	{
++	strncpy(sender,"void@void",sizeof(sender)-1);
++	sender[sizeof(sender)-1] = '\0';
++	}
+ 
+ if(strcmp(request,REQ)!=0 || recipient[0]==0 || ip[0]==0)
+ 	{
+--- sockets.c.orig	2004-10-12 08:39:34.000000000 -0400
++++ sockets.c	2005-04-13 12:06:13.000000000 -0400
+@@ -540,7 +540,7 @@
+ /*                                              */
+ /************************************************/
+ 
+-int DnsIp(char *host,char *ip)
++int DnsIp(char *host,char *ip, size_t len)
+ {
+ struct hostent *hostptr;
+ struct in_addr *ptr;
+@@ -552,7 +552,11 @@
+ 
+ ptr=(struct in_addr *) *hostptr->h_addr_list;
+ 
+-if(ip!=NULL) strcpy(ip,(char *)inet_ntoa(*ptr));
++if(ip!=NULL)
++	{
++	strncpy(ip,(char *)inet_ntoa(*ptr), len - 1);
++	ip[len-1] = '\0';
++	}
+ return(0);
+ }
+ 
+@@ -572,13 +576,14 @@
+ /*                                              */
+ /************************************************/
+ 
+-int DnsFQDN(char *host,char *fqdn)
++int DnsFQDN(char *host,char *fqdn, size_t len)
+ {
+ struct hostent *hostptr;
+ 
+ if((hostptr=(struct hostent *)gethostbyname(host))==NULL) return(S_HOST_ERR);
+ 
+-strcpy(fqdn,hostptr->h_name);
++strncpy(fqdn,hostptr->h_name, len-1);
++fqdn[len-1] = '\0';
+ return(0);
+ 
+ }
+@@ -599,7 +604,7 @@
+ /*                                              */
+ /************************************************/
+ 
+-int DnsName(char *ip,char *fqdn)
++int DnsName(char *ip,char *fqdn, size_t len)
+ {
+ 
+ struct hostent *hostptr;
+@@ -609,7 +614,8 @@
+ 
+ if((hostptr=(struct hostent *)gethostbyaddr((char *)&addr,sizeof(struct in_addr),AF_INET))==NULL) return(S_HOST_ERR);
+ 
+-strcpy(fqdn,hostptr->h_name);
++strncpy(fqdn,hostptr->h_name, len-1);
++fqdn[len-1] = '\0';
+ 
+ return(0);
+ }
+@@ -631,20 +637,27 @@
+ /*                                              */
+ /************************************************/
+ 
+-void GetPeerIp(int sock,char *ipfrom,char *hostfrom)
++void GetPeerIp(int sock,char *ipfrom, size_t lip, char *hostfrom, size_t hip)
+ {
+ struct sockaddr_in from;
+ size_t foo=sizeof(struct sockaddr_in);
+ struct hostent *hostptr;
+ 
+-strcpy(ipfrom,"???.???.???.???");
+-strcpy(hostfrom,"?????");
++strncpy(ipfrom,"???.???.???.???", lip-1);
++ipfrom[lip-1] = '\0';
++strncpy(hostfrom,"?????", hip-1);
++hostfrom[hip-1] = '\0';
+ 
+ if (getpeername(sock,(struct sockaddr *)&from, &foo) == 0)
+      {
+-     strcpy(ipfrom,(char *)inet_ntoa(from.sin_addr));
++     strncpy(ipfrom,(char *)inet_ntoa(from.sin_addr), lip-1);
++    ipfrom[lip-1] = '\0';
+      hostptr=(struct hostent *)gethostbyaddr((char *)&from.sin_addr,sizeof(struct in_addr),AF_INET);
+-     if(hostptr!=NULL) strcpy(hostfrom,hostptr->h_name);
++     if(hostptr!=NULL)
++		{
++		strncpy(hostfrom,hostptr->h_name, hip-1);
++		hostfrom[hip-1] = '\0';
++		}
+      }
+ }
+ 
+--- sockets.h.orig	2005-04-13 12:13:23.000000000 -0400
++++ sockets.h	2005-04-13 12:06:34.000000000 -0400
+@@ -118,10 +118,10 @@
+ 
+ /* DNS functions */
+ 
+-int DnsIp(char *host,char *ip);
+-int DnsFQDN(char *host,char *fqdn);
+-int DnsName(char *ip,char *fqdn);
+-void GetPeerIp(int sock,char *ip,char *fqdn);
++int DnsIp(char *host,char *ip,size_t);
++int DnsFQDN(char *host,char *fqdn,size_t);
++int DnsName(char *ip,char *fqdn,size_t);
++void GetPeerIp(int sock,char *ip,size_t,char *fqdn,size_t);
+ 
+ /* Special Functions */
+
author	christos <christos@pkgsrc.org>	2005-04-13 16:19:59 +0000
committer	christos <christos@pkgsrc.org>	2005-04-13 16:19:59 +0000
commit	e8f1c6171bfcda41ce6bf3bf1e4e57ee67e184e4 (patch)
tree	212be61f39b67c3ad360283029dbab130083c523 /mail/gld/patches
parent	35de2919d327b7123a9b9fd7378af8dc47645d66 (diff)
download	pkgsrc-e8f1c6171bfcda41ce6bf3bf1e4e57ee67e184e4.tar.gz