pkgsrc-Changes-HG archive


[pkgsrc/trunk]: pkgsrc/mail/gld Update to 1.5 to fix security vulnerability i...



details:   https://anonhg.NetBSD.org/pkgsrc/rev/1cb5406a0218
branches:  trunk
changeset: 492463:1cb5406a0218
user:      christos <christos%pkgsrc.org@localhost>
date:      Wed Apr 13 16:19:59 2005 +0000

description:
Update to 1.5 to fix security vulnerability issues.
- Add more patches to totally eliminate strcpy(); this code is horrible.

diffstat:

 mail/gld/Makefile         |    4 +-
 mail/gld/distinfo         |   11 +-
 mail/gld/patches/patch-aa |   10 +-
 mail/gld/patches/patch-ab |  306 ++++++++++++++++++++++++++++++++++++++++++++++
 4 files changed, 319 insertions(+), 12 deletions(-)

diffs (truncated from 363 to 300 lines):

diff -r c1e2283ba3c8 -r 1cb5406a0218 mail/gld/Makefile
--- a/mail/gld/Makefile Wed Apr 13 16:16:50 2005 +0000
+++ b/mail/gld/Makefile Wed Apr 13 16:19:59 2005 +0000
@@ -1,7 +1,7 @@
-# $NetBSD: Makefile,v 1.4 2005/04/11 21:46:19 tv Exp $
+# $NetBSD: Makefile,v 1.5 2005/04/13 16:19:59 christos Exp $
 #
 
-DISTNAME=              gld-1.4
+DISTNAME=              gld-1.5
 PKGREVISION=           1
 CATEGORIES=            mail
 MASTER_SITES=          http://www.gasmi.net/down/
diff -r c1e2283ba3c8 -r 1cb5406a0218 mail/gld/distinfo
--- a/mail/gld/distinfo Wed Apr 13 16:16:50 2005 +0000
+++ b/mail/gld/distinfo Wed Apr 13 16:19:59 2005 +0000
@@ -1,6 +1,7 @@
-$NetBSD: distinfo,v 1.2 2005/02/24 09:59:22 agc Exp $
+$NetBSD: distinfo,v 1.3 2005/04/13 16:19:59 christos Exp $
 
-SHA1 (gld-1.4.tgz) = c5844b1537407dad658fd4e47fe6104047af9346
-RMD160 (gld-1.4.tgz) = f0f088384d896b9ce156c07afa172740ff621f9b
-Size (gld-1.4.tgz) = 35714 bytes
-SHA1 (patch-aa) = 90310c9e831372c7a94048cff47c72a17b65f605
+SHA1 (gld-1.5.tgz) = febc398be2e68bf7b4bc6e3015da2f225760204d
+RMD160 (gld-1.5.tgz) = dab09c1776fb014effdd3d87d4a6808274bbfdd9
+Size (gld-1.4.tgz) = 39030 bytes
+SHA1 (patch-aa) = ef415ff661dfe07d02158f5684b1cf182e76f757
+SHA1 (patch-ab) = ac69f29dced3d972837ac90b7ad23bdcbed70c17
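Review bot: The added size entry is still keyed to the old distfile name: `Size (gld-1.4.tgz) = 39030 bytes` sits beside SHA1 and RMD160 entries for gld-1.5.tgz, so no size is recorded for the tarball that is actually fetched. It should read `Size (gld-1.5.tgz) = 39030 bytes`, assuming 39030 is the size of the 1.5 archive. Regenerating the file with `make makesum` rather than editing it by hand avoids this kind of mismatch.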
diff -r c1e2283ba3c8 -r 1cb5406a0218 mail/gld/patches/patch-aa
--- a/mail/gld/patches/patch-aa Wed Apr 13 16:16:50 2005 +0000
+++ b/mail/gld/patches/patch-aa Wed Apr 13 16:19:59 2005 +0000
@@ -1,15 +1,15 @@
-$NetBSD: patch-aa,v 1.1.1.1 2004/11/25 05:42:40 xtraeme Exp $
+$NetBSD: patch-aa,v 1.2 2005/04/13 16:19:59 christos Exp $
 
---- Makefile.in.orig   2004-07-14 22:52:53.000000000 +0200
-+++ Makefile.in        2004-11-25 05:53:05.000000000 +0100
+--- Makefile.in.orig   2004-10-12 08:41:49.000000000 -0400
++++ Makefile.in        2005-04-13 11:53:50.000000000 -0400
 @@ -1,8 +1,8 @@
  all: gld
  
  gld: cnf.o server.o sql.o sockets.o greylist.o gld.h
--      @CC@ -O2 @DEFS@ -Wall server.o sql.o sockets.o cnf.o greylist.o @MYSQL_LIBS@ -o gld
+-      @CC@ -O2 @DEFS@ -Wall server.o sql.o sockets.o cnf.o greylist.o @LIBS@ @SQL_LIBS@ -o gld
 -      strip gld
 +      @CC@ -O2 @DEFS@ -Wall server.o sql.o sockets.o cnf.o greylist.o \
-+              $(LDFLAGS) -lmysqlclient -o gld
++          $(LDFLAGS) -lmysqlclient -o gld
  
  sockets.o: sockets.c sockets.h
        @CC@ -O2 @DEFS@ -Wall -c sockets.c
diff -r c1e2283ba3c8 -r 1cb5406a0218 mail/gld/patches/patch-ab
--- /dev/null   Thu Jan 01 00:00:00 1970 +0000
+++ b/mail/gld/patches/patch-ab Wed Apr 13 16:19:59 2005 +0000
@@ -0,0 +1,306 @@
+$NetBSD: patch-ab,v 1.1 2005/04/13 16:19:59 christos Exp $
+
+--- greylist.c.orig    2005-04-13 05:26:10.000000000 -0400
++++ greylist.c 2005-04-13 12:03:39.000000000 -0400
+@@ -21,8 +21,11 @@
+ 
+ ts=time(0);
+ strncpy(oip,ip,sizeof(oip)-1);
++oip[sizeof(oip)-1] = '\0';
+ strncpy(osender,sender,sizeof(osender)-1);
++osender[sizeof(osender)-1] = '\0';
+ strncpy(orecipient,recipient,sizeof(orecipient)-1);
++orecipient[sizeof(orecipient)-1] = '\0';
+ 
+ if(conf->debug==1) printf("%d: Starting the greylist algo\n",pid);
+ 
+@@ -68,10 +71,18 @@
+         if(conf->debug==1) printf("%d: lightgrey on domain is on, let's keep the domain only on recipient and sender\n",pid);
+ 
+         domain=(char *)strstr(osender,"@");
+-      if(domain!=NULL) strncpy(sender,domain,BLEN-1);
++      if(domain!=NULL)
++              {
++              strncpy(sender,domain,BLEN-1);
++              sender[BLEN-1] = '\0';
++              }
+ 
+         domain=(char *)strstr(orecipient,"@");
+-      if(domain!=NULL) strncpy(recipient,domain,BLEN-1);
++      if(domain!=NULL)
++              {
++              strncpy(recipient,domain,BLEN-1);
++              recipient[BLEN-1] = '\0';
++              }
+         }
+ 
+ //
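Review bot: The copies into `sender` and `recipient` are bounded with `BLEN-1` rather than `sizeof`, which suggests they are pointer parameters whose capacity this function cannot see; nothing in the hunk enforces that callers pass buffers of at least BLEN bytes. A comment at the function header would make the contract explicit, for example `/* sender and recipient must point to writable buffers of at least BLEN bytes; both are overwritten in lightgrey-domain mode */`. The function signature is outside this hunk, so the parameter types should be confirmed there.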
+@@ -119,6 +130,7 @@
+               if(domain==NULL) domain=osender;
+ 
+               strncpy(netw,oip,sizeof(netw)-1);
++              netw[sizeof(netw)-1] = '\0';
+               l=strlen(netw);
+               for(i=l-1;i>=0;i--)
+                       if(netw[i]=='.')
+@@ -148,7 +160,7 @@
+               if(x==4)
+                       {
+                       snprintf(query,sizeof(query)-1,"%d.%d.%d.%d.%s",d,c,b,a,conf->dnswl);
+-                      n=DnsIp(query,NULL);
++                      n=DnsIp(query,NULL, 0);
+                       if(conf->debug==1) printf("%d: DNSQuery=(%s) result=%ld\n",pid,query,n);
+                       if(n==0)
+                               {
+--- cnf.c.orig 2005-04-13 12:06:54.000000000 -0400
++++ cnf.c      2005-04-13 12:11:51.000000000 -0400
+@@ -36,11 +36,16 @@
+ 
+ // We set the default values
+ 
+-strcpy(conf->sqlhost,"localhost");
+-strcpy(conf->sqluser,"myuser");
+-strcpy(conf->sqldb,"mydb");
+-strcpy(conf->sqlpasswd,"mypasswd");
+-strcpy(conf->message,"Greylisted");
++strncpy(conf->sqlhost,"localhost",sizeof(conf->sqlhost)-1);
++conf->sqlhost[sizeof(conf->sqlhost)-1] = '\0';
++strncpy(conf->sqluser,"myuser",sizeof(conf->sqluser)-1);
++conf->sqluser[sizeof(conf->sqluser)-1] = '\0';
++strncpy(conf->sqldb,"mydb",sizeof(conf->sqldb)-1);
++conf->sqldb[sizeof(conf->sqldb)-1] = '\0';
++strncpy(conf->sqlpasswd,"mypasswd",sizeof(conf->sqlpasswd)-1);
++conf->sqlpasswd[sizeof(conf->sqlpasswd)-1] = '\0';
++strncpy(conf->message,"Greylisted",sizeof(conf->message)-1);
++conf->message[sizeof(conf->message)-1] = '\0';
+ conf->port=2525;
+ conf->maxcon=100;
+ conf->mini=60;
+@@ -73,14 +78,46 @@
+               buffer[strlen(buffer)-1]=0;
+                 *p=0;
+                 if(strcmp(buffer,"CLIENTS")==0) ReadClients(conf,p+1);
+-                if(strcmp(buffer,"USER")==0) strcpy(conf->user,p+1);
+-                if(strcmp(buffer,"GROUP")==0) strcpy(conf->grp,p+1);
+-                if(strcmp(buffer,"DNSWL")==0) strcpy(conf->dnswl,p+1);
+-                if(strcmp(buffer,"SQLHOST")==0) strcpy(conf->sqlhost,p+1);
+-                if(strcmp(buffer,"SQLUSER")==0) strcpy(conf->sqluser,p+1);
+-                if(strcmp(buffer,"SQLDB")==0) strcpy(conf->sqldb,p+1);
+-                if(strcmp(buffer,"SQLPASSWD")==0) strcpy(conf->sqlpasswd,p+1);
+-                if(strcmp(buffer,"MESSAGE")==0) strcpy(conf->message,p+1);
++                if(strcmp(buffer,"USER")==0)
++                      {
++                      strncpy(conf->user,p+1,sizeof(conf->user)-1);
++                      conf->user[sizeof(conf->user)-1] = '\0';
++                      }
++                if(strcmp(buffer,"GROUP")==0)
++                      {
++                      strncpy(conf->grp,p+1,sizeof(conf->grp)-1);
++                      conf->grp[sizeof(conf->grp)-1] = '\0';
++                      }
++                if(strcmp(buffer,"DNSWL")==0)
++                      {
++                      strncpy(conf->dnswl,p+1,sizeof(conf->dnswl)-1);
++                      conf->dnswl[sizeof(conf->dnswl)-1] = '\0';
++                      }
++                if(strcmp(buffer,"SQLHOST")==0)
++                      {
++                      strncpy(conf->sqlhost,p+1,sizeof(conf->sqlhost)-1);
++                      conf->sqlhost[sizeof(conf->sqlhost)-1] = '\0';
++                      }
++                if(strcmp(buffer,"SQLUSER")==0)
++                      {
++                      strncpy(conf->sqluser,p+1,sizeof(conf->sqluser)-1);
++                      conf->sqluser[sizeof(conf->sqluser)-1] = '\0';
++                      }
++                if(strcmp(buffer,"SQLDB")==0)
++                      {
++                      strncpy(conf->sqldb,p+1,sizeof(conf->sqldb)-1);
++                      conf->sqldb[sizeof(conf->sqldb)-1] = '\0';
++                      }
++                if(strcmp(buffer,"SQLPASSWD")==0)
++                      {
++                      strncpy(conf->sqlpasswd,p+1,sizeof(conf->sqlpasswd)-1);
++                      conf->sqlpasswd[sizeof(conf->sqlpasswd)-1] = '\0';
++                      }
++                if(strcmp(buffer,"MESSAGE")==0)
++                      {
++                      strncpy(conf->message,p+1,sizeof(conf->message)-1);
++                      conf->message[sizeof(conf->message)-1] = '\0';
++                      }
+                 if(strcmp(buffer,"PORT")==0) conf->port=atoi(p+1);
+                 if(strcmp(buffer,"MAXCON")==0) conf->maxcon=atoi(p+1);
+                 if(strcmp(buffer,"MINTIME")==0) conf->mini=atol(p+1);
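Review bot: Each of the eight string settings repeats the same `strncpy` plus terminator pair, and an over-long value (SQLPASSWD, for instance) is cut silently, so it would surface later as an unexplained login failure rather than a configuration error. One helper keeps the bound and terminator together and lets the parser detect truncation, e.g. `#define CNFCPY(dst,src) (snprintf((dst),sizeof(dst),"%s",(src)) >= (int)sizeof(dst))`, with the caller printing the offending key when it returns non-zero. snprintf is already used in the greylist.c part of this patch. The same helper would cover the defaults block in the previous cnf.c hunk; the enclosing function extends beyond both hunks.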
+--- server.c.orig      2005-04-13 03:28:29.000000000 -0400
++++ server.c   2005-04-13 12:15:36.000000000 -0400
+@@ -208,7 +208,7 @@
+ int pid;
+ 
+ pid=getpid();
+-GetPeerIp(s,ip,buff);
++GetPeerIp(s,ip,BLEN,buff,BLEN);
+ 
+ //
+ // We check if this IP is authorized to connect to us
+@@ -261,21 +261,34 @@
+       // Now, we are sure our buffer string length is no more than BLEN
+       // as all parameters are defined also as buffers with a BLEN size
+       // no buffer overflow is possible using strcpy .
++      // But what's the point. Protect it anyway.
+       //
+ 
+       if(strcmp(buff,"")==0) break;
+ 
+       if(strncmp(buff,"request=",8)==0)
+-              strcpy(request,buff+8);
++              {
++              strncpy(request,buff+8, sizeof(request)-1);
++              request[sizeof(request)-1] = '\0';
++              }
+ 
+       if(strncmp(buff,"sender=",7)==0)
+-              strcpy(sender,buff+7);
++              {
++              strncpy(sender,buff+7, sizeof(sender)-1);
++              sender[sizeof(sender)-1] = '\0';
++              }
+ 
+       if(strncmp(buff,"recipient=",10)==0)
+-              strcpy(recipient,buff+10);
++              {
++              strncpy(recipient,buff+10, sizeof(recipient)-1);
++              recipient[sizeof(recipient)-1] = '\0';
++              }
+ 
+       if(strncmp(buff,"client_address=",15)==0)
+-              strcpy(ip,buff+15);
++              {
++              strncpy(ip,buff+15,sizeof(ip)-1);
++              ip[sizeof(ip)-1] = '\0';
++              }
+ 
+       }
+ 
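Review bot: The comment block at the top of this hunk still argues that no overflow is possible "using strcpy", but the code below no longer calls strcpy. The appended line "But what's the point. Protect it anyway." does not say what the bound now is. Suggest replacing those last two comment lines with `// Each field is copied with an explicit sizeof() bound and terminator, so safety no longer depends on buff being at most BLEN.` The loop that fills buff starts outside the hunk.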
+@@ -300,7 +313,11 @@
+ // Now, we can safely use, str** functions
+ //
+ 
+-if(sender[0]==0) strcpy(sender,"void@void");
++if(sender[0]==0)
++      {
++      strncpy(sender,"void@void",sizeof(sender)-1);
++      sender[sizeof(sender)-1] = '\0';
++      }
+ 
+ if(strcmp(request,REQ)!=0 || recipient[0]==0 || ip[0]==0)
+       {
+--- sockets.c.orig     2004-10-12 08:39:34.000000000 -0400
++++ sockets.c  2005-04-13 12:06:13.000000000 -0400
+@@ -540,7 +540,7 @@
+ /*                                              */
+ /************************************************/
+ 
+-int DnsIp(char *host,char *ip)
++int DnsIp(char *host,char *ip, size_t len)
+ {
+ struct hostent *hostptr;
+ struct in_addr *ptr;
+@@ -552,7 +552,11 @@
+ 
+ ptr=(struct in_addr *) *hostptr->h_addr_list;
+ 
+-if(ip!=NULL) strcpy(ip,(char *)inet_ntoa(*ptr));
++if(ip!=NULL)
++      {
++      strncpy(ip,(char *)inet_ntoa(*ptr), len - 1);
++      ip[len-1] = '\0';
++      }
+ return(0);
+ }
+ 
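Review bot: `len - 1` is evaluated on a `size_t`, so a call with `len == 0` and a non-NULL `ip` makes the strncpy bound wrap to SIZE_MAX and `ip[len-1]` write outside the buffer. The greylist.c call `DnsIp(query,NULL, 0)` is safe only because of the NULL test. DnsFQDN in the next hunk has neither a NULL test nor a length test before the same arithmetic. Changing the condition here to `if(ip!=NULL && len>0)` and adding `if(fqdn==NULL || len==0) return(S_HOST_ERR);` at the top of DnsFQDN closes both. DnsIp's body begins outside this hunk.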
+@@ -572,13 +576,14 @@
+ /*                                              */
+ /************************************************/
+ 
+-int DnsFQDN(char *host,char *fqdn)
++int DnsFQDN(char *host,char *fqdn, size_t len)
+ {
+ struct hostent *hostptr;
+ 
+ if((hostptr=(struct hostent *)gethostbyname(host))==NULL) return(S_HOST_ERR);
+ 
+-strcpy(fqdn,hostptr->h_name);
++strncpy(fqdn,hostptr->h_name, len-1);
++fqdn[len-1] = '\0';
+ return(0);
+ 
+ }
+@@ -599,7 +604,7 @@
+ /*                                              */
+ /************************************************/
+ 
+-int DnsName(char *ip,char *fqdn)
++int DnsName(char *ip,char *fqdn, size_t len)


