head	1.2;
access;
symbols
	pkgsrc-2013Q2:1.2.0.36
	pkgsrc-2013Q2-base:1.2
	pkgsrc-2012Q4:1.2.0.34
	pkgsrc-2012Q4-base:1.2
	pkgsrc-2011Q4:1.2.0.32
	pkgsrc-2011Q4-base:1.2
	pkgsrc-2011Q2:1.2.0.30
	pkgsrc-2011Q2-base:1.2
	pkgsrc-2009Q4:1.2.0.28
	pkgsrc-2009Q4-base:1.2
	pkgsrc-2008Q4:1.2.0.26
	pkgsrc-2008Q4-base:1.2
	pkgsrc-2008Q3:1.2.0.24
	pkgsrc-2008Q3-base:1.2
	cube-native-xorg:1.2.0.22
	cube-native-xorg-base:1.2
	pkgsrc-2008Q2:1.2.0.20
	pkgsrc-2008Q2-base:1.2
	pkgsrc-2008Q1:1.2.0.18
	pkgsrc-2008Q1-base:1.2
	pkgsrc-2007Q4:1.2.0.16
	pkgsrc-2007Q4-base:1.2
	pkgsrc-2007Q3:1.2.0.14
	pkgsrc-2007Q3-base:1.2
	pkgsrc-2007Q2:1.2.0.12
	pkgsrc-2007Q2-base:1.2
	pkgsrc-2007Q1:1.2.0.10
	pkgsrc-2007Q1-base:1.2
	pkgsrc-2006Q4:1.2.0.8
	pkgsrc-2006Q4-base:1.2
	pkgsrc-2006Q3:1.2.0.6
	pkgsrc-2006Q3-base:1.2
	pkgsrc-2006Q2:1.2.0.4
	pkgsrc-2006Q2-base:1.2
	pkgsrc-2006Q1:1.2.0.2
	pkgsrc-2006Q1-base:1.2
	pkgsrc-2005Q4:1.1.0.4
	pkgsrc-2005Q4-base:1.1
	pkgsrc-2005Q3:1.1.0.2;
locks; strict;
comment	@# @;


1.2
date	2006.01.12.20.53.51;	author adam;	state dead;
branches;
next	1.1;

1.1
date	2005.10.05.15.49.44;	author salo;	state Exp;
branches
	1.1.2.1;
next	;

1.1.2.1
date	2005.10.05.15.49.44;	author snj;	state dead;
branches;
next	1.1.2.2;

1.1.2.2
date	2005.10.08.06.18.10;	author snj;	state Exp;
branches;
next	;


desc
@@


1.2
log
@Changes 2004g:
* Bug fix: quoted string handling in the mailbox name parsing routine

Changes 2004f:
* Bug fix: TCP code
* New SSL/TLS routines
@
text
@$NetBSD: patch-an,v 1.1 2005/10/05 15:49:44 salo Exp $

Security fix for CAN-2005-2933, from 2004g.

--- src/c-client/mail.c.orig	2005-03-17 01:12:17.000000000 +0100
+++ src/c-client/mail.c	2005-10-05 17:37:13.000000000 +0200
@@@@ -691,8 +691,10 @@@@
       if (c == '=') {		/* parse switches which take arguments */
 	if (*t == '"') {	/* quoted string? */
 	  for (v = arg,i = 0,++t; (c = *t++) != '"';) {
+            if (!c) return NIL; /* unterminated string */
 				/* quote next character */
 	    if (c == '\\') c = *t++;
+            if (!c) return NIL; /* can't quote NUL either */
 	    arg[i++] = c;
 	  }
 	  c = *t++;		/* remember delimiter for later */
@


1.1
log
@Security fix for SA17062:

"A vulnerability in UW-imapd can be exploited by malicious users to
 cause a DoS (Denial of Service) or compromise a vulnerable system.

 The vulnerability is caused due to a boundary error in the
 "mail_valid_net_parse_work()" function when copying the user supplied
 mailbox name to a stack buffer. This can be exploited to cause a
 stack-based buffer overflow via a specially crafted mailbox name that
 contains an single opening double-quote character, without the
 corresponding closing double-quote.

 Successful exploitation allows arbitrary code execution, but requires
 valid credentials on the IMAP server."

http://secunia.com/advisories/17062/
www.idefense.com/application/poi/display?id=313&type=vulnerabilities
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2933

Patch from 2004g.
@
text
@d1 1
a1 1
$NetBSD$
@


1.1.2.1
log
@file patch-an was added on branch pkgsrc-2005Q3 on 2005-10-05 15:49:44 +0000
@
text
@d1 17
@


1.1.2.2
log
@Pullup ticket 805 - requested by Lubomir Sedlacik
security fix for imap-uw

Revisions pulled up:
- pkgsrc/mail/imap-uw/Makefile		1.102
- pkgsrc/mail/imap-uw/buildlink3.mk	1.5
- pkgsrc/mail/imap-uw/distinfo		1.25
- pkgsrc/mail/imap-uw/patches/patch-an	1.1

   Module Name:    pkgsrc
   Committed By:   salo
   Date:           Wed Oct  5 15:49:44 UTC 2005

   Modified Files:
           pkgsrc/mail/imap-uw: Makefile buildlink3.mk distinfo
   Added Files:
           pkgsrc/mail/imap-uw/patches: patch-an

   Log Message:
   Security fix for SA17062:

   "A vulnerability in UW-imapd can be exploited by malicious users to
    cause a DoS (Denial of Service) or compromise a vulnerable system.

    The vulnerability is caused due to a boundary error in the
    "mail_valid_net_parse_work()" function when copying the user supplied
    mailbox name to a stack buffer. This can be exploited to cause a
    stack-based buffer overflow via a specially crafted mailbox name that
    contains an single opening double-quote character, without the
    corresponding closing double-quote.

    Successful exploitation allows arbitrary code execution, but requires
    valid credentials on the IMAP server."

    valid credentials on the IMAP server."

   http://secunia.com/advisories/17062/
   www.idefense.com/application/poi/display?id=313&type=vulnerabilities
   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2933

   Patch from 2004g.
@
text
@a0 17
$NetBSD: patch-an,v 1.1.2.1 2005/10/08 06:18:10 snj Exp $

Security fix for CAN-2005-2933, from 2004g.

--- src/c-client/mail.c.orig	2005-03-17 01:12:17.000000000 +0100
+++ src/c-client/mail.c	2005-10-05 17:37:13.000000000 +0200
@@@@ -691,8 +691,10 @@@@
       if (c == '=') {		/* parse switches which take arguments */
 	if (*t == '"') {	/* quoted string? */
 	  for (v = arg,i = 0,++t; (c = *t++) != '"';) {
+            if (!c) return NIL; /* unterminated string */
 				/* quote next character */
 	    if (c == '\\') c = *t++;
+            if (!c) return NIL; /* can't quote NUL either */
 	    arg[i++] = c;
 	  }
 	  c = *t++;		/* remember delimiter for later */
@