Avoid access to free'd memory in APOP authentication. Patch supplied by

Kawamoto Yosihisa in PR pkg/8371.
author: tron <tron> 1999-09-15 21:38:45 +0000
committer: tron <tron> 1999-09-15 21:38:45 +0000
commit: fd4f45851c535a1b11d05346768d07ce98935047 (patch)
tree: 2da60bc6dc7ec0be44bbe8423bf5adb6a3a381e0 /mail
parent: bd248dd6b7fe443dd942b7b24e4a34d4d571b0cb (diff)
download: pkgsrc-fd4f45851c535a1b11d05346768d07ce98935047.tar.gz
1 files changed, 22 insertions, 0 deletions
diff --git a/mail/qpopper/patches/patch-aj b/mail/qpopper/patches/patch-aj
new file mode 100644
index 00000000000..29779b15b5a
--- /dev/null
+++ b/mail/qpopper/patches/patch-aj
@@ -0,0 +1,22 @@
+$NetBSD: patch-aj,v 1.1 1999/09/15 21:38:45 tron Exp $
+
+--- pop_apop.c.orig	Fri Jul 10 08:44:07 1998
++++ pop_apop.c	Sat Sep 11 09:09:30 1999
+@@ -178,6 +178,8 @@
+ 	dbm_close (db);
+ #endif
+ 	return(pop_auth_fail(p, POP_FAILURE, "not authorized"));
++    } else {
++	ddatum.dptr = obscure(ddatum.dptr);
+     }
+ 
+ #ifdef GDBM
+@@ -189,7 +191,7 @@
+ 
+     MD5Init(&mdContext);
+     MD5Update(&mdContext, (unsigned char *)p->md5str, strlen(p->md5str));
+-    MD5Update(&mdContext, (unsigned char *)obscure(ddatum.dptr), (ddatum.dsize - 1));
++    MD5Update(&mdContext, (unsigned char *)ddatum.dptr, (ddatum.dsize - 1));
+     MD5Final(digest, &mdContext);
+ 
+     cp = buffer;
author	tron <tron>	1999-09-15 21:38:45 +0000
committer	tron <tron>	1999-09-15 21:38:45 +0000
commit	fd4f45851c535a1b11d05346768d07ce98935047 (patch)
tree	2da60bc6dc7ec0be44bbe8423bf5adb6a3a381e0 /mail
parent	bd248dd6b7fe443dd942b7b24e4a34d4d571b0cb (diff)
download	pkgsrc-fd4f45851c535a1b11d05346768d07ce98935047.tar.gz