diff options
| author | christos <christos> | 2005-04-13 16:19:59 +0000 |
|---|---|---|
| committer | christos <christos> | 2005-04-13 16:19:59 +0000 |
| commit | d91a307227c1180a875c711c69da1f4a87008508 (patch) | |
| tree | 212be61f39b67c3ad360283029dbab130083c523 /mail | |
| parent | e3f309d5b9791d44867d39f3c2b15626510a1ba9 (diff) | |
| download | pkgsrc-d91a307227c1180a875c711c69da1f4a87008508.tar.gz | |
Update to 1.5 to fix security vulnerability issues.
- Add more patches to totally eliminate strcpy(); this code is horrible.
Diffstat (limited to 'mail')
| -rw-r--r-- | mail/gld/Makefile | 4 | ||||
| -rw-r--r-- | mail/gld/distinfo | 11 | ||||
| -rw-r--r-- | mail/gld/patches/patch-aa | 10 | ||||
| -rw-r--r-- | mail/gld/patches/patch-ab | 306 |
4 files changed, 319 insertions, 12 deletions
diff --git a/mail/gld/Makefile b/mail/gld/Makefile index 0243a416b6c..2098257a49e 100644 --- a/mail/gld/Makefile +++ b/mail/gld/Makefile @@ -1,7 +1,7 @@ -# $NetBSD: Makefile,v 1.4 2005/04/11 21:46:19 tv Exp $ +# $NetBSD: Makefile,v 1.5 2005/04/13 16:19:59 christos Exp $ # -DISTNAME= gld-1.4 +DISTNAME= gld-1.5 PKGREVISION= 1 CATEGORIES= mail MASTER_SITES= http://www.gasmi.net/down/ diff --git a/mail/gld/distinfo b/mail/gld/distinfo index d3aeb5e71a8..6577d7feeca 100644 --- a/mail/gld/distinfo +++ b/mail/gld/distinfo @@ -1,6 +1,7 @@ -$NetBSD: distinfo,v 1.2 2005/02/24 09:59:22 agc Exp $ +$NetBSD: distinfo,v 1.3 2005/04/13 16:19:59 christos Exp $ -SHA1 (gld-1.4.tgz) = c5844b1537407dad658fd4e47fe6104047af9346 -RMD160 (gld-1.4.tgz) = f0f088384d896b9ce156c07afa172740ff621f9b -Size (gld-1.4.tgz) = 35714 bytes -SHA1 (patch-aa) = 90310c9e831372c7a94048cff47c72a17b65f605 +SHA1 (gld-1.5.tgz) = febc398be2e68bf7b4bc6e3015da2f225760204d +RMD160 (gld-1.5.tgz) = dab09c1776fb014effdd3d87d4a6808274bbfdd9 +Size (gld-1.4.tgz) = 39030 bytes +SHA1 (patch-aa) = ef415ff661dfe07d02158f5684b1cf182e76f757 +SHA1 (patch-ab) = ac69f29dced3d972837ac90b7ad23bdcbed70c17 diff --git a/mail/gld/patches/patch-aa b/mail/gld/patches/patch-aa index 54ec17d64a0..7cf57442817 100644 --- a/mail/gld/patches/patch-aa +++ b/mail/gld/patches/patch-aa @@ -1,15 +1,15 @@ -$NetBSD: patch-aa,v 1.1.1.1 2004/11/25 05:42:40 xtraeme Exp $ +$NetBSD: patch-aa,v 1.2 2005/04/13 16:19:59 christos Exp $ ---- Makefile.in.orig 2004-07-14 22:52:53.000000000 +0200 -+++ Makefile.in 2004-11-25 05:53:05.000000000 +0100 +--- Makefile.in.orig 2004-10-12 08:41:49.000000000 -0400 ++++ Makefile.in 2005-04-13 11:53:50.000000000 -0400 @@ -1,8 +1,8 @@ all: gld gld: cnf.o server.o sql.o sockets.o greylist.o gld.h -- @CC@ -O2 @DEFS@ -Wall server.o sql.o sockets.o cnf.o greylist.o @MYSQL_LIBS@ -o gld +- @CC@ -O2 @DEFS@ -Wall server.o sql.o sockets.o cnf.o greylist.o @LIBS@ @SQL_LIBS@ -o gld - strip gld + @CC@ -O2 @DEFS@ -Wall server.o sql.o sockets.o cnf.o greylist.o \ -+ $(LDFLAGS) -lmysqlclient -o gld ++ $(LDFLAGS) -lmysqlclient -o gld sockets.o: sockets.c sockets.h @CC@ -O2 @DEFS@ -Wall -c sockets.c diff --git a/mail/gld/patches/patch-ab b/mail/gld/patches/patch-ab new file mode 100644 index 00000000000..9dc60be8e4e --- /dev/null +++ b/mail/gld/patches/patch-ab @@ -0,0 +1,306 @@ +$NetBSD: patch-ab,v 1.1 2005/04/13 16:19:59 christos Exp $ + +--- greylist.c.orig 2005-04-13 05:26:10.000000000 -0400 ++++ greylist.c 2005-04-13 12:03:39.000000000 -0400 +@@ -21,8 +21,11 @@ + + ts=time(0); + strncpy(oip,ip,sizeof(oip)-1); ++oip[sizeof(oip)-1] = '\0'; + strncpy(osender,sender,sizeof(osender)-1); ++osender[sizeof(osender)-1] = '\0'; + strncpy(orecipient,recipient,sizeof(orecipient)-1); ++orecipient[sizeof(orecipient)-1] = '\0'; + + if(conf->debug==1) printf("%d: Starting the greylist algo\n",pid); + +@@ -68,10 +71,18 @@ + if(conf->debug==1) printf("%d: lightgrey on domain is on, let's keep the domain only on recipient and sender\n",pid); + + domain=(char *)strstr(osender,"@"); +- if(domain!=NULL) strncpy(sender,domain,BLEN-1); ++ if(domain!=NULL) ++ { ++ strncpy(sender,domain,BLEN-1); ++ sender[BLEN-1] = '\0'; ++ } + + domain=(char *)strstr(orecipient,"@"); +- if(domain!=NULL) strncpy(recipient,domain,BLEN-1); ++ if(domain!=NULL) ++ { ++ strncpy(recipient,domain,BLEN-1); ++ recipient[BLEN-1] = '\0'; ++ } + } + + // +@@ -119,6 +130,7 @@ + if(domain==NULL) domain=osender; + + strncpy(netw,oip,sizeof(netw)-1); ++ netw[sizeof(netw)-1] = '\0'; + l=strlen(netw); + for(i=l-1;i>=0;i--) + if(netw[i]=='.') +@@ -148,7 +160,7 @@ + if(x==4) + { + snprintf(query,sizeof(query)-1,"%d.%d.%d.%d.%s",d,c,b,a,conf->dnswl); +- n=DnsIp(query,NULL); ++ n=DnsIp(query,NULL, 0); + if(conf->debug==1) printf("%d: DNSQuery=(%s) result=%ld\n",pid,query,n); + if(n==0) + { +--- cnf.c.orig 2005-04-13 12:06:54.000000000 -0400 ++++ cnf.c 2005-04-13 12:11:51.000000000 -0400 +@@ -36,11 +36,16 @@ + + // We set the default values + +-strcpy(conf->sqlhost,"localhost"); +-strcpy(conf->sqluser,"myuser"); +-strcpy(conf->sqldb,"mydb"); +-strcpy(conf->sqlpasswd,"mypasswd"); +-strcpy(conf->message,"Greylisted"); ++strncpy(conf->sqlhost,"localhost",sizeof(conf->sqlhost)-1); ++conf->sqlhost[sizeof(conf->sqlhost)-1] = '\0'; ++strncpy(conf->sqluser,"myuser",sizeof(conf->sqluser)-1); ++conf->sqluser[sizeof(conf->sqluser)-1] = '\0'; ++strncpy(conf->sqldb,"mydb",sizeof(conf->sqldb)-1); ++conf->sqldb[sizeof(conf->sqldb)-1] = '\0'; ++strncpy(conf->sqlpasswd,"mypasswd",sizeof(conf->sqlpasswd)-1); ++conf->sqlpasswd[sizeof(conf->sqlpasswd)-1] = '\0'; ++strncpy(conf->message,"Greylisted",sizeof(conf->message)-1); ++conf->message[sizeof(conf->message)-1] = '\0'; + conf->port=2525; + conf->maxcon=100; + conf->mini=60; +@@ -73,14 +78,46 @@ + buffer[strlen(buffer)-1]=0; + *p=0; + if(strcmp(buffer,"CLIENTS")==0) ReadClients(conf,p+1); +- if(strcmp(buffer,"USER")==0) strcpy(conf->user,p+1); +- if(strcmp(buffer,"GROUP")==0) strcpy(conf->grp,p+1); +- if(strcmp(buffer,"DNSWL")==0) strcpy(conf->dnswl,p+1); +- if(strcmp(buffer,"SQLHOST")==0) strcpy(conf->sqlhost,p+1); +- if(strcmp(buffer,"SQLUSER")==0) strcpy(conf->sqluser,p+1); +- if(strcmp(buffer,"SQLDB")==0) strcpy(conf->sqldb,p+1); +- if(strcmp(buffer,"SQLPASSWD")==0) strcpy(conf->sqlpasswd,p+1); +- if(strcmp(buffer,"MESSAGE")==0) strcpy(conf->message,p+1); ++ if(strcmp(buffer,"USER")==0) ++ { ++ strncpy(conf->user,p+1,sizeof(conf->user)-1); ++ conf->user[sizeof(conf->user)-1] = '\0'; ++ } ++ if(strcmp(buffer,"GROUP")==0) ++ { ++ strncpy(conf->grp,p+1,sizeof(conf->grp)-1); ++ conf->grp[sizeof(conf->grp)-1] = '\0'; ++ } ++ if(strcmp(buffer,"DNSWL")==0) ++ { ++ strncpy(conf->dnswl,p+1,sizeof(conf->dnswl)-1); ++ conf->dnswl[sizeof(conf->dnswl)-1] = '\0'; ++ } ++ if(strcmp(buffer,"SQLHOST")==0) ++ { ++ strncpy(conf->sqlhost,p+1,sizeof(conf->sqlhost)-1); ++ conf->sqlhost[sizeof(conf->sqlhost)-1] = '\0'; ++ } ++ if(strcmp(buffer,"SQLUSER")==0) ++ { ++ strncpy(conf->sqluser,p+1,sizeof(conf->sqluser)-1); ++ conf->sqluser[sizeof(conf->sqluser)-1] = '\0'; ++ } ++ if(strcmp(buffer,"SQLDB")==0) ++ { ++ strncpy(conf->sqldb,p+1,sizeof(conf->sqldb)-1); ++ conf->sqldb[sizeof(conf->sqldb)-1] = '\0'; ++ } ++ if(strcmp(buffer,"SQLPASSWD")==0) ++ { ++ strncpy(conf->sqlpasswd,p+1,sizeof(conf->sqlpasswd)-1); ++ conf->sqlpasswd[sizeof(conf->sqlpasswd)-1] = '\0'; ++ } ++ if(strcmp(buffer,"MESSAGE")==0) ++ { ++ strncpy(conf->message,p+1,sizeof(conf->message)-1); ++ conf->message[sizeof(conf->message)-1] = '\0'; ++ } + if(strcmp(buffer,"PORT")==0) conf->port=atoi(p+1); + if(strcmp(buffer,"MAXCON")==0) conf->maxcon=atoi(p+1); + if(strcmp(buffer,"MINTIME")==0) conf->mini=atol(p+1); +--- server.c.orig 2005-04-13 03:28:29.000000000 -0400 ++++ server.c 2005-04-13 12:15:36.000000000 -0400 +@@ -208,7 +208,7 @@ + int pid; + + pid=getpid(); +-GetPeerIp(s,ip,buff); ++GetPeerIp(s,ip,BLEN,buff,BLEN); + + // + // We check if this IP is authorized to connect to us +@@ -261,21 +261,34 @@ + // Now, we are sure our buffer string length is no more than BLEN + // as all parameters are defined also as buffers with a BLEN size + // no buffer overflow is possible using strcpy . ++ // But what's the point. Protect it anyway. + // + + if(strcmp(buff,"")==0) break; + + if(strncmp(buff,"request=",8)==0) +- strcpy(request,buff+8); ++ { ++ strncpy(request,buff+8, sizeof(request)-1); ++ request[sizeof(request)-1] = '\0'; ++ } + + if(strncmp(buff,"sender=",7)==0) +- strcpy(sender,buff+7); ++ { ++ strncpy(sender,buff+7, sizeof(sender)-1); ++ sender[sizeof(sender)-1] = '\0'; ++ } + + if(strncmp(buff,"recipient=",10)==0) +- strcpy(recipient,buff+10); ++ { ++ strncpy(recipient,buff+10, sizeof(recipient)-1); ++ recipient[sizeof(recipient)-1] = '\0'; ++ } + + if(strncmp(buff,"client_address=",15)==0) +- strcpy(ip,buff+15); ++ { ++ strncpy(ip,buff+15,sizeof(ip)-1); ++ ip[sizeof(ip)-1] = '\0'; ++ } + + } + +@@ -300,7 +313,11 @@ + // Now, we can safely use, str** functions + // + +-if(sender[0]==0) strcpy(sender,"void@void"); ++if(sender[0]==0) ++ { ++ strncpy(sender,"void@void",sizeof(sender)-1); ++ sender[sizeof(sender)-1] = '\0'; ++ } + + if(strcmp(request,REQ)!=0 || recipient[0]==0 || ip[0]==0) + { +--- sockets.c.orig 2004-10-12 08:39:34.000000000 -0400 ++++ sockets.c 2005-04-13 12:06:13.000000000 -0400 +@@ -540,7 +540,7 @@ + /* */ + /************************************************/ + +-int DnsIp(char *host,char *ip) ++int DnsIp(char *host,char *ip, size_t len) + { + struct hostent *hostptr; + struct in_addr *ptr; +@@ -552,7 +552,11 @@ + + ptr=(struct in_addr *) *hostptr->h_addr_list; + +-if(ip!=NULL) strcpy(ip,(char *)inet_ntoa(*ptr)); ++if(ip!=NULL) ++ { ++ strncpy(ip,(char *)inet_ntoa(*ptr), len - 1); ++ ip[len-1] = '\0'; ++ } + return(0); + } + +@@ -572,13 +576,14 @@ + /* */ + /************************************************/ + +-int DnsFQDN(char *host,char *fqdn) ++int DnsFQDN(char *host,char *fqdn, size_t len) + { + struct hostent *hostptr; + + if((hostptr=(struct hostent *)gethostbyname(host))==NULL) return(S_HOST_ERR); + +-strcpy(fqdn,hostptr->h_name); ++strncpy(fqdn,hostptr->h_name, len-1); ++fqdn[len-1] = '\0'; + return(0); + + } +@@ -599,7 +604,7 @@ + /* */ + /************************************************/ + +-int DnsName(char *ip,char *fqdn) ++int DnsName(char *ip,char *fqdn, size_t len) + { + + struct hostent *hostptr; +@@ -609,7 +614,8 @@ + + if((hostptr=(struct hostent *)gethostbyaddr((char *)&addr,sizeof(struct in_addr),AF_INET))==NULL) return(S_HOST_ERR); + +-strcpy(fqdn,hostptr->h_name); ++strncpy(fqdn,hostptr->h_name, len-1); ++fqdn[len-1] = '\0'; + + return(0); + } +@@ -631,20 +637,27 @@ + /* */ + /************************************************/ + +-void GetPeerIp(int sock,char *ipfrom,char *hostfrom) ++void GetPeerIp(int sock,char *ipfrom, size_t lip, char *hostfrom, size_t hip) + { + struct sockaddr_in from; + size_t foo=sizeof(struct sockaddr_in); + struct hostent *hostptr; + +-strcpy(ipfrom,"???.???.???.???"); +-strcpy(hostfrom,"?????"); ++strncpy(ipfrom,"???.???.???.???", lip-1); ++ipfrom[lip-1] = '\0'; ++strncpy(hostfrom,"?????", hip-1); ++hostfrom[hip-1] = '\0'; + + if (getpeername(sock,(struct sockaddr *)&from, &foo) == 0) + { +- strcpy(ipfrom,(char *)inet_ntoa(from.sin_addr)); ++ strncpy(ipfrom,(char *)inet_ntoa(from.sin_addr), lip-1); ++ ipfrom[lip-1] = '\0'; + hostptr=(struct hostent *)gethostbyaddr((char *)&from.sin_addr,sizeof(struct in_addr),AF_INET); +- if(hostptr!=NULL) strcpy(hostfrom,hostptr->h_name); ++ if(hostptr!=NULL) ++ { ++ strncpy(hostfrom,hostptr->h_name, hip-1); ++ hostfrom[hip-1] = '\0'; ++ } + } + } + +--- sockets.h.orig 2005-04-13 12:13:23.000000000 -0400 ++++ sockets.h 2005-04-13 12:06:34.000000000 -0400 +@@ -118,10 +118,10 @@ + + /* DNS functions */ + +-int DnsIp(char *host,char *ip); +-int DnsFQDN(char *host,char *fqdn); +-int DnsName(char *ip,char *fqdn); +-void GetPeerIp(int sock,char *ip,char *fqdn); ++int DnsIp(char *host,char *ip,size_t); ++int DnsFQDN(char *host,char *fqdn,size_t); ++int DnsName(char *ip,char *fqdn,size_t); ++void GetPeerIp(int sock,char *ip,size_t,char *fqdn,size_t); + + /* Special Functions */ + |