From 8a042046385fb7540bf91654979508af9dfdb8d4 Mon Sep 17 00:00:00 2001
From: tez <tez@pkgsrc.org>
Date: Tue, 21 Aug 2012 15:49:54 +0000
Subject: Fix CVE-2012-3482 patch from
 http://gitorious.org/fetchmail/fetchmail/commit/3fbc7cd331602c76f882d1b507cd05c1d824ba8b/diffs

---
 mail/fetchmail/patches/patch-ntlmsubr.c | 22 ++++++++++++++++++++++
 1 file changed, 22 insertions(+)
 create mode 100644 mail/fetchmail/patches/patch-ntlmsubr.c

(limited to 'mail/fetchmail/patches')

diff --git a/mail/fetchmail/patches/patch-ntlmsubr.c b/mail/fetchmail/patches/patch-ntlmsubr.c
new file mode 100644
index 00000000000..8281fce6c84
--- /dev/null
+++ b/mail/fetchmail/patches/patch-ntlmsubr.c
@@ -0,0 +1,22 @@
+$NetBSD: patch-ntlmsubr.c,v 1.1 2012/08/21 15:49:54 tez Exp $
+
+Fix CVE-2012-3482
+patch from http://gitorious.org/fetchmail/fetchmail/commit/3fbc7cd331602c76f882d1b507cd05c1d824ba8b/diffs
+
+--- ntlmsubr.c.orig	2012-08-21 15:19:44.585694400 +0000
++++ ntlmsubr.c
+@@ -55,7 +55,13 @@ int ntlm_helper(int sock, struct query *
+     if ((result = gen_recv(sock, msgbuf, sizeof msgbuf)))
+ 	goto cancelfail;
+ 
+-    (void)from64tobits (&challenge, msgbuf, sizeof(challenge));
++    if ((result = from64tobits (&challenge, msgbuf, sizeof(challenge))) < 0) {
++	report (stderr, GT_("could not decode BASE64 challenge\n"));
++	/* We do not goto cancelfail; the server has already sent the
++	* tagged reply, so the protocol exchange has ended, no need
++	* for us to send the asterisk. */
++	return PS_AUTHFAIL;
++    }
+ 
+     if (outlevel >= O_DEBUG)
+ 	dumpSmbNtlmAuthChallenge(stdout, &challenge);
-- 
cgit v1.2.3