* [Buildroot] [git commit branch/2017.02.x] exim: add upstream security fix
@ 2018-04-10 19:49 Peter Korsgaard
From: Peter Korsgaard @ 2018-04-10 19:49 UTC (permalink / raw)
  To: buildroot

commit: https://git.buildroot.net/buildroot/commit/?id=14ee40d989a670a792bf0cea93b862effd939c76
branch: https://git.buildroot.net/buildroot/commit/?id=refs/heads/2017.02.x

Fixes the following security issue:

CVE-2018-6789: Meh Chang discovered a buffer overflow flaw in a utility
function used in the SMTP listener of Exim, a mail transport agent.  A
remote attacker can take advantage of this flaw to cause a denial of
service, or potentially the execution of arbitrary code via a specially
crafted message.

Dropped ChangeLog hunk and adjusted file path of upstream commit so it
applies to tarball.

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 8343069e2c3cc79ad14600816a772fcd7592e291)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
---
 ...005-Fix-base64d-buffer-size-CVE-2018-6789.patch | 37 ++++++++++++++++++++++
 1 file changed, 37 insertions(+)

diff --git a/package/exim/0005-Fix-base64d-buffer-size-CVE-2018-6789.patch b/package/exim/0005-Fix-base64d-buffer-size-CVE-2018-6789.patch
new file mode 100644
index 0000000000..1811a7ff98
--- /dev/null
+++ b/package/exim/0005-Fix-base64d-buffer-size-CVE-2018-6789.patch
@@ -0,0 +1,37 @@
+From 062990cc1b2f9e5d82a413b53c8f0569075de700 Mon Sep 17 00:00:00 2001
+From: "Heiko Schlittermann (HS12-RIPE)" <hs@schlittermann.de>
+Date: Mon, 5 Feb 2018 22:23:32 +0100
+Subject: [PATCH] Fix base64d() buffer size (CVE-2018-6789)
+
+Credits for discovering this bug: Meh Chang <meh@devco.re>
+
+[Peter: Drop ChangeLog change, fix path]
+Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
+---
+ src/base64.c      | 8 ++++++--
+ 1 file changed, 6 insertions(+), 2 deletions(-)
+
+diff --git a/src/base64.c b/src/base64.c
+index f6f187f0..e58ca6c7 100644
+--- a/src/base64.c
++++ b/src/base64.c
+@@ -152,10 +152,14 @@ static uschar dec64table[] = {
+ int
+ b64decode(const uschar *code, uschar **ptr)
+ {
++
+ int x, y;
+-uschar *result = store_get(3*(Ustrlen(code)/4) + 1);
++uschar *result;
+ 
+-*ptr = result;
++{
++  int l = Ustrlen(code);
++  *ptr = result = store_get(1 + l/4 * 3 + l%4);
++}
+ 
+ /* Each cycle of the loop handles a quantum of 4 input bytes. For the last
+ quantum this may decode to 1, 2, or 3 output bytes. */
+-- 
+2.11.0
+
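Review bot: in the src/base64.c hunk, the new allocation `store_get(1 + l/4 * 3 + l%4)` carries no comment explaining the `l%4` term. The removed expression `3*(Ustrlen(code)/4) + 1` rounds the input length down to whole 4-byte groups, so any trailing bytes past a multiple of 4 got no output space, while the context comment says the last quantum may still decode to 1, 2, or 3 bytes. A one-line comment above the new line stating that `l%4` reserves room for such a trailing partial group would keep a later cleanup from simplifying the expression back to the old form. As a style point, the hunk also adds an empty line directly after the function's opening brace and wraps the assignment in a bare `{ ... }` block only to scope `l`; declaring `l` next to `int x, y;` would read more plainly.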
