diff options
author | tron <tron> | 1999-09-15 21:38:45 +0000 |
---|---|---|
committer | tron <tron> | 1999-09-15 21:38:45 +0000 |
commit | fd4f45851c535a1b11d05346768d07ce98935047 (patch) | |
tree | 2da60bc6dc7ec0be44bbe8423bf5adb6a3a381e0 /mail/qpopper | |
parent | bd248dd6b7fe443dd942b7b24e4a34d4d571b0cb (diff) | |
download | pkgsrc-fd4f45851c535a1b11d05346768d07ce98935047.tar.gz |
Avoid access to free'd memory in APOP authentication. Patch supplied by
Kawamoto Yosihisa in PR pkg/8371.
Diffstat (limited to 'mail/qpopper')
-rw-r--r-- | mail/qpopper/patches/patch-aj | 22 |
1 files changed, 22 insertions, 0 deletions
diff --git a/mail/qpopper/patches/patch-aj b/mail/qpopper/patches/patch-aj new file mode 100644 index 00000000000..29779b15b5a --- /dev/null +++ b/mail/qpopper/patches/patch-aj @@ -0,0 +1,22 @@ +$NetBSD: patch-aj,v 1.1 1999/09/15 21:38:45 tron Exp $ + +--- pop_apop.c.orig Fri Jul 10 08:44:07 1998 ++++ pop_apop.c Sat Sep 11 09:09:30 1999 +@@ -178,6 +178,8 @@ + dbm_close (db); + #endif + return(pop_auth_fail(p, POP_FAILURE, "not authorized")); ++ } else { ++ ddatum.dptr = obscure(ddatum.dptr); + } + + #ifdef GDBM +@@ -189,7 +191,7 @@ + + MD5Init(&mdContext); + MD5Update(&mdContext, (unsigned char *)p->md5str, strlen(p->md5str)); +- MD5Update(&mdContext, (unsigned char *)obscure(ddatum.dptr), (ddatum.dsize - 1)); ++ MD5Update(&mdContext, (unsigned char *)ddatum.dptr, (ddatum.dsize - 1)); + MD5Final(digest, &mdContext); + + cp = buffer; |