From fd4f45851c535a1b11d05346768d07ce98935047 Mon Sep 17 00:00:00 2001
From: tron <tron>
Date: Wed, 15 Sep 1999 21:38:45 +0000
Subject: Avoid access to free'd memory in APOP authentication. Patch supplied
 by Kawamoto Yosihisa in PR pkg/8371.

---
 mail/qpopper/patches/patch-aj | 22 ++++++++++++++++++++++
 1 file changed, 22 insertions(+)
 create mode 100644 mail/qpopper/patches/patch-aj

(limited to 'mail')

diff --git a/mail/qpopper/patches/patch-aj b/mail/qpopper/patches/patch-aj
new file mode 100644
index 00000000000..29779b15b5a
--- /dev/null
+++ b/mail/qpopper/patches/patch-aj
@@ -0,0 +1,22 @@
+$NetBSD: patch-aj,v 1.1 1999/09/15 21:38:45 tron Exp $
+
+--- pop_apop.c.orig	Fri Jul 10 08:44:07 1998
++++ pop_apop.c	Sat Sep 11 09:09:30 1999
+@@ -178,6 +178,8 @@
+ 	dbm_close (db);
+ #endif
+ 	return(pop_auth_fail(p, POP_FAILURE, "not authorized"));
++    } else {
++	ddatum.dptr = obscure(ddatum.dptr);
+     }
+ 
+ #ifdef GDBM
+@@ -189,7 +191,7 @@
+ 
+     MD5Init(&mdContext);
+     MD5Update(&mdContext, (unsigned char *)p->md5str, strlen(p->md5str));
+-    MD5Update(&mdContext, (unsigned char *)obscure(ddatum.dptr), (ddatum.dsize - 1));
++    MD5Update(&mdContext, (unsigned char *)ddatum.dptr, (ddatum.dsize - 1));
+     MD5Final(digest, &mdContext);
+ 
+     cp = buffer;
-- 
cgit v1.2.3