Fix CVE-2008-2711

2008-06-27 09:50:26 +00:00 · 2008-06-27 09:50:26 +00:00 · 704fe37ee0
commit 704fe37ee0
parent 6a5606bcd7
2 changed files with 59 additions and 1 deletions
--- a/fetchmail-6.3.8-CVE-2008-2711.patch
+++ b/fetchmail-6.3.8-CVE-2008-2711.patch
@ -0,0 +1,53 @@
+diff -up fetchmail-6.3.8/report.c_old fetchmail-6.3.8/report.c
+--- fetchmail-6.3.8/report.c_old	2008-06-27 11:38:59.000000000 +0200
+++ fetchmail-6.3.8/report.c	2008-06-27 11:39:22.000000000 +0200
+@@ -238,11 +238,17 @@ report_build (FILE *errfp, message, va_a
+     rep_ensuresize();
+ 
+ #if defined(VA_START)
+-    VA_START (args, message);
+     for ( ; ; )
+     {
+	/*
+	 * args has to be initialized before every call of vsnprintf(), 
+	 * because vsnprintf() invokes va_arg macro and thus args is 
+	 * undefined after the call.
+	 */
+	VA_START(args, message);
+ 	n = vsnprintf (partial_message + partial_message_size_used, partial_message_size - partial_message_size_used,
+ 		       message, args);
+	va_end (args);
+ 
+ 	if (n >= 0
+ 	    && (unsigned)n < partial_message_size - partial_message_size_used)
+@@ -254,7 +260,6 @@ report_build (FILE *errfp, message, va_a
+ 	partial_message_size += 2048;
+ 	partial_message = REALLOC (partial_message, partial_message_size);
+     }
+-    va_end (args);
+ #else
+     for ( ; ; )
+     {
+@@ -304,12 +309,13 @@ report_complete (FILE *errfp, message, v
+     rep_ensuresize();
+ 
+ #if defined(VA_START)
+-    VA_START (args, message);
+     for ( ; ; )
+     {
+	VA_START(args, message);
+ 	n = vsnprintf (partial_message + partial_message_size_used,
+ 		       partial_message_size - partial_message_size_used,
+ 		       message, args);
+	va_end(args);
+ 
+ 	/* old glibc versions return -1 for truncation */
+ 	if (n >= 0
+@@ -322,7 +328,6 @@ report_complete (FILE *errfp, message, v
+ 	partial_message_size += 2048;
+ 	partial_message = REALLOC (partial_message, partial_message_size);
+     }
+-    va_end (args);
+ #else
+     for ( ; ; )
+     {
--- a/fetchmail.spec
+++ b/fetchmail.spec
@ -4,12 +4,13 @@
 Summary: A remote mail retrieval and forwarding utility
 Name: fetchmail
 Version: 6.3.8
-Release: 6%{?dist}
+Release: 7%{?dist}
 Requires: server(smtp)
 Source0: http://download.berlios.de/fetchmail/fetchmail-%{version}.tar.bz2
 Source1: http://download.berlios.de/fetchmail/fetchmail-%{version}.tar.bz2.asc
 Patch0: fetchmail-6.2.5-addrconf.patch
 Patch1: fetchmail-6.3.8-CVE-2007-4565.patch
+Patch2: fetchmail-6.3.8-CVE-2008-2711.patch
 URL: http://fetchmail.berlios.de/
 # For a breakdown of the licensing, see COPYING
 License: GPL+ and Public Domain
@ -49,6 +50,7 @@ need to have Python and Tk installed in order to use fetchmailconf.
 %setup -q
 %patch0 -p1 -b .addrconf
 %patch1 -p1 -b .cve_2007_4565
+%patch2 -p1 -b .cve_2008_2711

 %build
 %configure --enable-POP3 --enable-IMAP --with-ssl --with-hesiod \
@ -86,6 +88,9 @@ rm -rf $RPM_BUILD_ROOT
 %endif

 %changelog
+* Fri Jun 27 2008 Vitezslav Crhonek <vcrhonek@redhat.com> - 6.3.8-7
+- Fix CVE-2008-2711
+
 * Wed Mar 26 2008 Vitezslav Crhonek <vcrhonek@redhat.com> - 6.3.8-6
 - Replace smtpdaemon requires by server(smtp) requires
  Resolves: #66396