Resolves: #1994034
This commit is contained in:
parent
a3205891de
commit
9f906e1042
170
cyrus-imapd-CVE-2021-33582.patch
Normal file
170
cyrus-imapd-CVE-2021-33582.patch
Normal file
@ -0,0 +1,170 @@
|
|||||||
|
diff --git a/imap/http_dav.c b/imap/http_dav.c
|
||||||
|
index d5f7c114a2..abc6da42ca 100644
|
||||||
|
--- a/imap/http_dav.c
|
||||||
|
+++ b/imap/http_dav.c
|
||||||
|
@@ -6108,7 +6108,7 @@ EXPORTED int meth_propfind(struct transaction_t *txn, void *params)
|
||||||
|
xmlDocPtr indoc = NULL, outdoc = NULL;
|
||||||
|
xmlNodePtr root, cur = NULL, props = NULL;
|
||||||
|
xmlNsPtr ns[NUM_NAMESPACE];
|
||||||
|
- struct hash_table ns_table = { 0, NULL, NULL };
|
||||||
|
+ struct hash_table ns_table = HASH_TABLE_INITIALIZER;
|
||||||
|
struct propfind_ctx fctx;
|
||||||
|
|
||||||
|
memset(&fctx, 0, sizeof(struct propfind_ctx));
|
||||||
|
@@ -8083,7 +8083,7 @@ int meth_report(struct transaction_t *txn, void *params)
|
||||||
|
xmlNodePtr inroot = NULL, outroot = NULL, cur, prop = NULL, props = NULL;
|
||||||
|
const struct report_type_t *report = NULL;
|
||||||
|
xmlNsPtr ns[NUM_NAMESPACE];
|
||||||
|
- struct hash_table ns_table = { 0, NULL, NULL };
|
||||||
|
+ struct hash_table ns_table = HASH_TABLE_INITIALIZER;
|
||||||
|
struct propfind_ctx fctx;
|
||||||
|
|
||||||
|
memset(&fctx, 0, sizeof(struct propfind_ctx));
|
||||||
|
diff --git a/imap/jmap_mail.c b/imap/jmap_mail.c
|
||||||
|
index 7f2d9cb563..84845d273b 100644
|
||||||
|
--- a/imap/jmap_mail.c
|
||||||
|
+++ b/imap/jmap_mail.c
|
||||||
|
@@ -4334,7 +4334,7 @@ static void _email_querychanges_collapsed(jmap_req_t *req,
|
||||||
|
memset(&touched_ids, 0, sizeof(hash_table));
|
||||||
|
construct_hash_table(&touched_ids, mdcount + 1, 0);
|
||||||
|
|
||||||
|
- hashu64_table touched_cids = HASH_TABLE_INITIALIZER;
|
||||||
|
+ hashu64_table touched_cids = HASHU64_TABLE_INITIALIZER;
|
||||||
|
memset(&touched_cids, 0, sizeof(hashu64_table));
|
||||||
|
construct_hashu64_table(&touched_cids, mdcount + 1, 0);
|
||||||
|
|
||||||
|
diff --git a/lib/hash.c b/lib/hash.c
|
||||||
|
index 639b6997e6..593f1bf968 100644
|
||||||
|
--- a/lib/hash.c
|
||||||
|
+++ b/lib/hash.c
|
||||||
|
@@ -43,10 +43,11 @@ EXPORTED hash_table *construct_hash_table(hash_table *table, size_t size, int us
|
||||||
|
assert(table);
|
||||||
|
assert(size);
|
||||||
|
|
||||||
|
- table->size = size;
|
||||||
|
+ table->size = size;
|
||||||
|
+ table->seed = rand(); /* might be zero, that's okay */
|
||||||
|
|
||||||
|
/* Allocate the table -- different for using memory pools and not */
|
||||||
|
- if(use_mpool) {
|
||||||
|
+ if (use_mpool) {
|
||||||
|
/* Allocate an initial memory pool for 32 byte keys + the hash table
|
||||||
|
* + the buckets themselves */
|
||||||
|
table->pool =
|
||||||
|
@@ -72,7 +73,7 @@ EXPORTED hash_table *construct_hash_table(hash_table *table, size_t size, int us
|
||||||
|
|
||||||
|
EXPORTED void *hash_insert(const char *key, void *data, hash_table *table)
|
||||||
|
{
|
||||||
|
- unsigned val = strhash(key) % table->size;
|
||||||
|
+ unsigned val = strhash_seeded(table->seed, key) % table->size;
|
||||||
|
bucket *ptr, *newptr;
|
||||||
|
bucket **prev;
|
||||||
|
|
||||||
|
@@ -159,7 +160,7 @@ EXPORTED void *hash_lookup(const char *key, hash_table *table)
|
||||||
|
if (!table->size)
|
||||||
|
return NULL;
|
||||||
|
|
||||||
|
- val = strhash(key) % table->size;
|
||||||
|
+ val = strhash_seeded(table->seed, key) % table->size;
|
||||||
|
|
||||||
|
if (!(table->table)[val])
|
||||||
|
return NULL;
|
||||||
|
@@ -183,7 +184,7 @@ EXPORTED void *hash_lookup(const char *key, hash_table *table)
|
||||||
|
* since it will leak memory until you get rid of the entire hash table */
|
||||||
|
EXPORTED void *hash_del(const char *key, hash_table *table)
|
||||||
|
{
|
||||||
|
- unsigned val = strhash(key) % table->size;
|
||||||
|
+ unsigned val = strhash_seeded(table->seed, key) % table->size;
|
||||||
|
bucket *ptr, *last = NULL;
|
||||||
|
|
||||||
|
if (!(table->table)[val])
|
||||||
|
diff --git a/lib/hash.h b/lib/hash.h
|
||||||
|
index e49037d614..e476de77da 100644
|
||||||
|
--- a/lib/hash.h
|
||||||
|
+++ b/lib/hash.h
|
||||||
|
@@ -3,10 +3,11 @@
|
||||||
|
#define HASH__H
|
||||||
|
|
||||||
|
#include <stddef.h> /* For size_t */
|
||||||
|
+#include <stdint.h>
|
||||||
|
#include "mpool.h"
|
||||||
|
#include "strarray.h"
|
||||||
|
|
||||||
|
-#define HASH_TABLE_INITIALIZER {0, NULL, NULL}
|
||||||
|
+#define HASH_TABLE_INITIALIZER {0, 0, NULL, NULL}
|
||||||
|
|
||||||
|
/*
|
||||||
|
** A hash table consists of an array of these buckets. Each bucket
|
||||||
|
@@ -32,6 +33,7 @@ typedef struct bucket {
|
||||||
|
|
||||||
|
typedef struct hash_table {
|
||||||
|
size_t size;
|
||||||
|
+ uint32_t seed;
|
||||||
|
bucket **table;
|
||||||
|
struct mpool *pool;
|
||||||
|
} hash_table;
|
||||||
|
diff --git a/lib/strhash.c b/lib/strhash.c
|
||||||
|
index d7c1741d2a..1b3251db73 100644
|
||||||
|
--- a/lib/strhash.c
|
||||||
|
+++ b/lib/strhash.c
|
||||||
|
@@ -42,17 +42,32 @@
|
||||||
|
|
||||||
|
#include "config.h"
|
||||||
|
|
||||||
|
-EXPORTED unsigned strhash(const char *string)
|
||||||
|
+#include "lib/strhash.h"
|
||||||
|
+
|
||||||
|
+/* The well-known djb2 algorithm (e.g. http://www.cse.yorku.ca/~oz/hash.html),
|
||||||
|
+ * with the addition of an optional seed to limit predictability.
|
||||||
|
+ *
|
||||||
|
+ * XXX return type 'unsigned' for back-compat to previous version, but
|
||||||
|
+ * XXX ought to be 'uint32_t'
|
||||||
|
+ */
|
||||||
|
+EXPORTED unsigned strhash_seeded_djb2(uint32_t seed, const char *string)
|
||||||
|
{
|
||||||
|
- unsigned ret_val = 0;
|
||||||
|
- int i;
|
||||||
|
+ const unsigned char *ustr = (const unsigned char *) string;
|
||||||
|
+ unsigned hash = 5381;
|
||||||
|
+ int c;
|
||||||
|
|
||||||
|
- while (*string)
|
||||||
|
- {
|
||||||
|
- i = (int) *string;
|
||||||
|
- ret_val ^= i;
|
||||||
|
- ret_val <<= 1;
|
||||||
|
- string ++;
|
||||||
|
- }
|
||||||
|
- return ret_val;
|
||||||
|
+ if (seed) {
|
||||||
|
+ /* treat the bytes of the seed as a prefix to the string */
|
||||||
|
+ unsigned i;
|
||||||
|
+ for (i = 0; i < sizeof seed; i++) {
|
||||||
|
+ c = seed & 0xff;
|
||||||
|
+ hash = ((hash << 5) + hash) ^ c;
|
||||||
|
+ seed >>= 8;
|
||||||
|
+ }
|
||||||
|
+ }
|
||||||
|
+
|
||||||
|
+ while ((c = *ustr++))
|
||||||
|
+ hash = ((hash << 5) + hash) ^ c;
|
||||||
|
+
|
||||||
|
+ return hash;
|
||||||
|
}
|
||||||
|
diff --git a/lib/strhash.h b/lib/strhash.h
|
||||||
|
index 34533fdffa..27339bb288 100644
|
||||||
|
--- a/lib/strhash.h
|
||||||
|
+++ b/lib/strhash.h
|
||||||
|
@@ -41,7 +41,11 @@
|
||||||
|
*/
|
||||||
|
|
||||||
|
#ifndef _STRHASH_H_
|
||||||
|
+#include <stdint.h>
|
||||||
|
|
||||||
|
-unsigned strhash(const char *string);
|
||||||
|
+unsigned strhash_seeded_djb2(uint32_t seed, const char *string);
|
||||||
|
+
|
||||||
|
+#define strhash(in) strhash_seeded_djb2((0), (in))
|
||||||
|
+#define strhash_seeded(sd, in) strhash_seeded_djb2((sd), (in))
|
||||||
|
|
||||||
|
#endif /* _STRHASH_H_ */
|
@ -14,7 +14,7 @@
|
|||||||
|
|
||||||
Name: cyrus-imapd
|
Name: cyrus-imapd
|
||||||
Version: 3.4.1
|
Version: 3.4.1
|
||||||
Release: 4%{?dist}
|
Release: 5%{?dist}
|
||||||
|
|
||||||
|
|
||||||
%define ssl_pem_file_prefix /etc/pki/%name/%name
|
%define ssl_pem_file_prefix /etc/pki/%name/%name
|
||||||
@ -55,6 +55,7 @@ Patch2: patch-cyrus-rename-quota
|
|||||||
# https://github.com/cyrusimap/cyrus-imapd/issues/2629#issuecomment-456925909
|
# https://github.com/cyrusimap/cyrus-imapd/issues/2629#issuecomment-456925909
|
||||||
Patch4: patch-cyrus-perl-linking
|
Patch4: patch-cyrus-perl-linking
|
||||||
|
|
||||||
|
Patch5: cyrus-imapd-CVE-2021-33582.patch
|
||||||
|
|
||||||
Source10: cyrus-imapd.logrotate
|
Source10: cyrus-imapd.logrotate
|
||||||
Source11: cyrus-imapd.pam-config
|
Source11: cyrus-imapd.pam-config
|
||||||
@ -660,6 +661,10 @@ getent passwd cyrus >/dev/null || /usr/sbin/useradd -c "Cyrus IMAP Server" -d /v
|
|||||||
|
|
||||||
|
|
||||||
%changelog
|
%changelog
|
||||||
|
* Wed Nov 03 2021 Martin Osvald <mosvald@redhat.com> - 3.4.1-5
|
||||||
|
- Add fix for CVE-2021-33582
|
||||||
|
- Resolves: #1994034
|
||||||
|
|
||||||
* Mon Aug 23 2021 Pavel Zhukov <pzhukov@redhat.com> - 3.4.1-4
|
* Mon Aug 23 2021 Pavel Zhukov <pzhukov@redhat.com> - 3.4.1-4
|
||||||
- Drop tzdist module. Clients must use OS provided timezone info
|
- Drop tzdist module. Clients must use OS provided timezone info
|
||||||
|
|
||||||
|
Loading…
Reference in New Issue
Block a user