Avoid access to free'd memory in APOP authentication. Patch supplied by

Kawamoto Yosihisa in PR pkg/8371.
author: tron <tron@pkgsrc.org> 1999-09-15 21:38:45 +0000
committer: tron <tron@pkgsrc.org> 1999-09-15 21:38:45 +0000
commit: a81f798f1fb7e9585e5a5991f9b0f75d7ec322c7 (patch)
tree: 2da60bc6dc7ec0be44bbe8423bf5adb6a3a381e0 /mail
parent: 72a8dbd07a8171bcfd8027ea96550bb283b9fc8f (diff)
download: pkgsrc-a81f798f1fb7e9585e5a5991f9b0f75d7ec322c7.tar.gz
1 files changed, 22 insertions, 0 deletions
diff --git a/mail/qpopper/patches/patch-aj b/mail/qpopper/patches/patch-aj
new file mode 100644
index 00000000000..29779b15b5a
--- /dev/null
+++ b/mail/qpopper/patches/patch-aj
@@ -0,0 +1,22 @@
+$NetBSD: patch-aj,v 1.1 1999/09/15 21:38:45 tron Exp $
+
+--- pop_apop.c.orig	Fri Jul 10 08:44:07 1998
++++ pop_apop.c	Sat Sep 11 09:09:30 1999
+@@ -178,6 +178,8 @@
+ 	dbm_close (db);
+ #endif
+ 	return(pop_auth_fail(p, POP_FAILURE, "not authorized"));
++    } else {
++	ddatum.dptr = obscure(ddatum.dptr);
+     }
+ 
+ #ifdef GDBM
+@@ -189,7 +191,7 @@
+ 
+     MD5Init(&mdContext);
+     MD5Update(&mdContext, (unsigned char *)p->md5str, strlen(p->md5str));
+-    MD5Update(&mdContext, (unsigned char *)obscure(ddatum.dptr), (ddatum.dsize - 1));
++    MD5Update(&mdContext, (unsigned char *)ddatum.dptr, (ddatum.dsize - 1));
+     MD5Final(digest, &mdContext);
+ 
+     cp = buffer;
author	tron <tron@pkgsrc.org>	1999-09-15 21:38:45 +0000
committer	tron <tron@pkgsrc.org>	1999-09-15 21:38:45 +0000
commit	a81f798f1fb7e9585e5a5991f9b0f75d7ec322c7 (patch)
tree	2da60bc6dc7ec0be44bbe8423bf5adb6a3a381e0 /mail
parent	72a8dbd07a8171bcfd8027ea96550bb283b9fc8f (diff)
download	pkgsrc-a81f798f1fb7e9585e5a5991f9b0f75d7ec322c7.tar.gz