From 3a4b8ccffb8fcdcb2358ff5a2ac82281a86131fb Mon Sep 17 00:00:00 2001 From: Michal Hlavinka Date: Mon, 7 Sep 2009 14:37:58 +0000 Subject: [PATCH] fix buffer overflow in cyrus sieve --- cyrus-imapd-2.3.13-bufov.patch | 80 ++++++++++++++++++++++++++++++++++ cyrus-imapd.spec | 7 ++- 2 files changed, 86 insertions(+), 1 deletion(-) create mode 100644 cyrus-imapd-2.3.13-bufov.patch diff --git a/cyrus-imapd-2.3.13-bufov.patch b/cyrus-imapd-2.3.13-bufov.patch new file mode 100644 index 0000000..0286ab5 --- /dev/null +++ b/cyrus-imapd-2.3.13-bufov.patch @@ -0,0 +1,80 @@ +--- src/sieve/script.c 2008/03/24 20:08:46 1.67 ++++ src/sieve/script.c 2009/09/02 13:56:18 1.68 +@@ -40,7 +40,7 @@ + * AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING + * OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. + * +- * $Id: cyrus-imapd-2.3.13-bufov.patch,v 1.1 2009/09/07 14:37:58 mhlavink Exp $ ++ * $Id: cyrus-imapd-2.3.13-bufov.patch,v 1.1 2009/09/07 14:37:58 mhlavink Exp $ + */ + + #ifdef HAVE_CONFIG_H +@@ -688,7 +688,7 @@ static int do_sieve_error(int ret, + ret |= keep_ret; + if (keep_ret == SIEVE_OK) + snprintf(actions_string+strlen(actions_string), +- sizeof(actions_string)-strlen(actions_string), ++ ACTIONS_STRING_LEN-strlen(actions_string), + "Kept\n"); + else { + implicit_keep = 0; /* don't try an implicit keep again */ +@@ -742,7 +742,7 @@ static int do_action_list(sieve_interp_t + + if (ret == SIEVE_OK) + snprintf(actions_string+strlen(actions_string), +- sizeof(actions_string)-strlen(actions_string), ++ ACTIONS_STRING_LEN-strlen(actions_string), + "Rejected with: %s\n", a->u.rej.msg); + + break; +@@ -757,7 +757,7 @@ static int do_action_list(sieve_interp_t + + if (ret == SIEVE_OK) + snprintf(actions_string+strlen(actions_string), +- sizeof(actions_string)-strlen(actions_string), ++ ACTIONS_STRING_LEN-strlen(actions_string), + "Filed into: %s\n",a->u.fil.mailbox); + break; + case ACTION_KEEP: +@@ -770,7 +770,7 @@ static int do_action_list(sieve_interp_t + &errmsg); + if (ret == SIEVE_OK) + snprintf(actions_string+strlen(actions_string), +- sizeof(actions_string)-strlen(actions_string), ++ ACTIONS_STRING_LEN-strlen(actions_string), + "Kept\n"); + break; + case ACTION_REDIRECT: +@@ -783,7 +783,7 @@ static int do_action_list(sieve_interp_t + &errmsg); + if (ret == SIEVE_OK) + snprintf(actions_string+strlen(actions_string), +- sizeof(actions_string)-strlen(actions_string), ++ ACTIONS_STRING_LEN-strlen(actions_string), + "Redirected to %s\n", a->u.red.addr); + break; + case ACTION_DISCARD: +@@ -794,7 +794,7 @@ static int do_action_list(sieve_interp_t + &errmsg); + if (ret == SIEVE_OK) + snprintf(actions_string+strlen(actions_string), +- sizeof(actions_string)-strlen(actions_string), ++ ACTIONS_STRING_LEN-strlen(actions_string), + "Discarded\n"); + break; + +@@ -820,12 +820,12 @@ static int do_action_list(sieve_interp_t + + if (ret == SIEVE_OK) + snprintf(actions_string+strlen(actions_string), +- sizeof(actions_string)-strlen(actions_string), ++ ACTIONS_STRING_LEN-strlen(actions_string), + "Sent vacation reply\n"); + + } else if (ret == SIEVE_DONE) { + snprintf(actions_string+strlen(actions_string), +- sizeof(actions_string)-strlen(actions_string), ++ ACTIONS_STRING_LEN-strlen(actions_string), + "Vacation reply suppressed\n"); + + ret = SIEVE_OK; diff --git a/cyrus-imapd.spec b/cyrus-imapd.spec index 49d32e4..7803371 100644 --- a/cyrus-imapd.spec +++ b/cyrus-imapd.spec @@ -1,6 +1,6 @@ Name: cyrus-imapd Version: 2.3.14 -Release: 4%{?dist} +Release: 5%{?dist} # ********************** BUILD TIME OPTIONS START ********************** @@ -116,6 +116,7 @@ Patch15: cyrus-imapd-2.3.1-make_md5_defaults.patch Patch18: cyrus-imapd-2.3.7-krb4.patch # https://bugzilla.redhat.com/show_bug.cgi?id=461875 Patch19: cyrus-imapd-2.3.12p2-current-db.patch +Patch20: cyrus-imapd-2.3.13-bufov.patch BuildRoot: %(mktemp -ud %{_tmppath}/%{name}-%{version}-%{release}-XXXXXX) BuildRequires: autoconf >= 2.59 BuildRequires: cyrus-sasl-devel >= 2.1.15-1, perl-devel, tcp_wrappers @@ -213,6 +214,7 @@ one running the server. %patch15 -p1 -b .make_md5_defaults %patch18 -p1 -b .krb4 %patch19 -p1 -b .db4.7 +%patch20 -p1 -b .bufov # only to update config.* files automake -a -f -c || : @@ -729,6 +731,9 @@ fi %{_mandir}/man1/* %changelog +* Mon Sep 07 2009 Michal Hlavinka - 2.3.14-5 +- fix buffer overflow in cyrus sieve (#521010) + * Fri Aug 21 2009 Tomas Mraz - 2.3.14-4 - rebuilt with new openssl