head 1.1; access; symbols pkgsrc-2013Q2:1.1.0.32 pkgsrc-2013Q2-base:1.1 pkgsrc-2012Q4:1.1.0.30 pkgsrc-2012Q4-base:1.1 pkgsrc-2011Q4:1.1.0.28 pkgsrc-2011Q4-base:1.1 pkgsrc-2011Q2:1.1.0.26 pkgsrc-2011Q2-base:1.1 pkgsrc-2009Q4:1.1.0.24 pkgsrc-2009Q4-base:1.1 pkgsrc-2008Q4:1.1.0.22 pkgsrc-2008Q4-base:1.1 pkgsrc-2008Q3:1.1.0.20 pkgsrc-2008Q3-base:1.1 cube-native-xorg:1.1.0.18 cube-native-xorg-base:1.1 pkgsrc-2008Q2:1.1.0.16 pkgsrc-2008Q2-base:1.1 pkgsrc-2008Q1:1.1.0.14 pkgsrc-2008Q1-base:1.1 pkgsrc-2007Q4:1.1.0.12 pkgsrc-2007Q4-base:1.1 pkgsrc-2007Q3:1.1.0.10 pkgsrc-2007Q3-base:1.1 pkgsrc-2007Q2:1.1.0.8 pkgsrc-2007Q2-base:1.1 pkgsrc-2007Q1:1.1.0.6 pkgsrc-2007Q1-base:1.1 pkgsrc-2006Q4:1.1.0.4 pkgsrc-2006Q4-base:1.1 pkgsrc-2006Q3:1.1.0.2; locks; strict; comment @# @; 1.1 date 2006.11.23.19.56.43; author salo; state dead; branches 1.1.2.1; next ; 1.1.2.1 date 2006.11.23.19.56.43; author salo; state Exp; branches; next ; desc @@ 1.1 log @file patch-aj was initially added on branch pkgsrc-2006Q3. @ text @@ 1.1.2.1 log @Pullup ticket 1915 - requested by ghen security fix for dovecot Patch provided by the submitter. Fixes a buffer-overflow in the cache file handling. Bump PKGREVISION. @ text @a0 29 $NetBSD$ Fix a file-cache buffer overflow as documented in http://www.dovecot.org/list/dovecot-news/2006-November/000023.html From dovecot-1.0rc15. --- src/lib/file-cache.c 28 May 2006 23:43:44 -0000 1.12.2.1 +++ src/lib/file-cache.c 18 Nov 2006 23:35:35 -0000 1.12.2.4 @@@@ -128,8 +128,8 @@@@ i_assert(psize > 0); bits = buffer_get_space_unsafe(cache->page_bitmask, 0, - poffset / CHAR_BIT + - (psize + CHAR_BIT - 1) / CHAR_BIT); + (poffset + psize + CHAR_BIT - 1) / + CHAR_BIT); dest_offset = poffset * page_size; dest = PTR_OFFSET(cache->mmap_base, dest_offset); @@@@ -282,7 +282,7 @@@@ } bits = buffer_get_space_unsafe(cache->page_bitmask, offset / CHAR_BIT, - (size + CHAR_BIT - 1) / CHAR_BIT); + 1 + (size + CHAR_BIT - 1) / CHAR_BIT); /* set the first byte */ for (i = offset % CHAR_BIT, mask = 0; i < CHAR_BIT && size > 0; i++) { @