diff options
Diffstat (limited to 'www/w3m/patches/patch-ad')
-rw-r--r-- | www/w3m/patches/patch-ad | 58 |
1 files changed, 58 insertions, 0 deletions
diff --git a/www/w3m/patches/patch-ad b/www/w3m/patches/patch-ad new file mode 100644 index 00000000000..fe001391e89 --- /dev/null +++ b/www/w3m/patches/patch-ad @@ -0,0 +1,58 @@ +$NetBSD: patch-ad,v 1.8.2.2 2010/07/02 09:22:04 spz Exp $ + +Fix for CVE-2010-2074 taken from here: + +http://www.openwall.com/lists/oss-security/2010/06/14/4 + +--- istream.c.orig 2007-05-23 16:06:05.000000000 +0100 ++++ istream.c 2010-07-01 19:31:00.000000000 +0100 +@@ -447,8 +447,17 @@ + + if (!seen_dnsname) + seen_dnsname = Strnew(); ++ /* replace \0 to make full string visible to user */ ++ if (sl != strlen(sn)) { ++ int i; ++ for (i = 0; i < sl; ++i) { ++ if (!sn[i]) ++ sn[i] = '!'; ++ } ++ } + Strcat_m_charp(seen_dnsname, sn, " ", NULL); +- if (ssl_match_cert_ident(sn, sl, hostname)) ++ if (sl == strlen(sn) /* catch \0 in SAN */ ++ && ssl_match_cert_ident(sn, sl, hostname)) + break; + } + } +@@ -466,16 +475,27 @@ + if (match_ident == FALSE && ret == NULL) { + X509_NAME *xn; + char buf[2048]; ++ int slen; + + xn = X509_get_subject_name(x); + +- if (X509_NAME_get_text_by_NID(xn, NID_commonName, +- buf, sizeof(buf)) == -1) ++ slen = X509_NAME_get_text_by_NID(xn, NID_commonName, buf, sizeof(buf)); ++ if ( slen == -1) + /* FIXME: gettextize? */ + ret = Strnew_charp("Unable to get common name from peer cert"); +- else if (!ssl_match_cert_ident(buf, strlen(buf), hostname)) ++ else if (slen != strlen(buf) ++ || !ssl_match_cert_ident(buf, strlen(buf), hostname)) { ++ /* replace \0 to make full string visible to user */ ++ if (slen != strlen(buf)) { ++ int i; ++ for (i = 0; i < slen; ++i) { ++ if (!buf[i]) ++ buf[i] = '!'; ++ } ++ } + /* FIXME: gettextize? */ + ret = Sprintf("Bad cert ident %s from %s", buf, hostname); ++ } + else + match_ident = TRUE; + } |