pkgsrc-Changes-HG archive


[pkgsrc/trunk]: pkgsrc/chat/libotr att patches from upstream to fix buffer ov...



details:   https://anonhg.NetBSD.org/pkgsrc/rev/60c42ae7f994
branches:  trunk
changeset: 607332:60c42ae7f994
user:      drochner <drochner%pkgsrc.org@localhost>
date:      Thu Aug 09 10:06:46 2012 +0000

description:
add patches from upstream to fix buffer overflow in the base64
decoder which can lead to crashes or potentially code injection
(CVE-2012-3461)
bump PKGREV

diffstat:

 chat/libotr/Makefile                       |   4 +-
 chat/libotr/distinfo                       |   6 +++-
 chat/libotr/patches/patch-CVE-2012-3461-aa |  46 ++++++++++++++++++++++++++++++
 chat/libotr/patches/patch-CVE-2012-3461-ab |  36 +++++++++++++++++++++++
 chat/libotr/patches/patch-CVE-2012-3461-ac |  45 +++++++++++++++++++++++++++++
 chat/libotr/patches/patch-CVE-2012-3461-ad |  27 +++++++++++++++++
 6 files changed, 161 insertions(+), 3 deletions(-)

diffs (198 lines):

diff -r da82a919ebd9 -r 60c42ae7f994 chat/libotr/Makefile
--- a/chat/libotr/Makefile      Thu Aug 09 07:41:04 2012 +0000
+++ b/chat/libotr/Makefile      Thu Aug 09 10:06:46 2012 +0000
@@ -1,8 +1,8 @@
-# $NetBSD: Makefile,v 1.10 2011/04/22 13:42:48 obache Exp $
+# $NetBSD: Makefile,v 1.11 2012/08/09 10:06:46 drochner Exp $
 
 VERSION=       3.2.0
 DISTNAME=      libotr-${VERSION}
-PKGREVISION=   1
+PKGREVISION=   2
 CATEGORIES=    chat security
 MASTER_SITES=  http://www.cypherpunks.ca/otr/
 
diff -r da82a919ebd9 -r 60c42ae7f994 chat/libotr/distinfo
--- a/chat/libotr/distinfo      Thu Aug 09 07:41:04 2012 +0000
+++ b/chat/libotr/distinfo      Thu Aug 09 10:06:46 2012 +0000
@@ -1,5 +1,9 @@
-$NetBSD: distinfo,v 1.6 2008/06/17 13:58:08 gdt Exp $
+$NetBSD: distinfo,v 1.7 2012/08/09 10:06:47 drochner Exp $
 
 SHA1 (libotr-3.2.0.tar.gz) = e5e10b8ddaf59b0ada6046d156d0431cd2790db9
 RMD160 (libotr-3.2.0.tar.gz) = 937f512415eb3b82d5730b1aafbe5d55f4f153da
 Size (libotr-3.2.0.tar.gz) = 430299 bytes
+SHA1 (patch-CVE-2012-3461-aa) = f1faa1e43da256d44194817aeb59b3e92ddaffb2
+SHA1 (patch-CVE-2012-3461-ab) = 2827193d1cd440700f09cd7312ec9954a81aea11
+SHA1 (patch-CVE-2012-3461-ac) = abbecb337f3a7109b4a41debb2109528c64e22a0
+SHA1 (patch-CVE-2012-3461-ad) = 13edba7d8f16fc122ce2fd4fb2579e7e70056d5a
diff -r da82a919ebd9 -r 60c42ae7f994 chat/libotr/patches/patch-CVE-2012-3461-aa
--- /dev/null   Thu Jan 01 00:00:00 1970 +0000
+++ b/chat/libotr/patches/patch-CVE-2012-3461-aa        Thu Aug 09 10:06:46 2012 +0000
@@ -0,0 +1,46 @@
+$NetBSD: patch-CVE-2012-3461-aa,v 1.1 2012/08/09 10:06:47 drochner Exp $
+
+--- src/b64.c.orig     2008-05-27 12:35:28.000000000 +0000
++++ src/b64.c
+@@ -55,7 +55,7 @@ VERSION HISTORY:
+ \******************************************************************* */
+ 
+ /* system headers */
+-#include <stdlib.h>
++#include <stdio.h>
+ #include <string.h>
+ 
+ /* libotr headers */
+@@ -147,8 +147,9 @@ static size_t decode(unsigned char *out,
+  * base64 decode data.  Skip non-base64 chars, and terminate at the
+  * first '=', or the end of the buffer.
+  *
+- * The buffer data must contain at least (base64len / 4) * 3 bytes of
+- * space.  This function will return the number of bytes actually used.
++ * The buffer data must contain at least ((base64len+3) / 4) * 3 bytes
++ * of space.  This function will return the number of bytes actually
++ * used.
+  */
+ size_t otrl_base64_decode(unsigned char *data, const char *base64data,
+       size_t base64len)
+@@ -234,13 +235,18 @@ int otrl_base64_otr_decode(const char *m
+       return -2;
+     }
+ 
++    /* Skip over the "?OTR:" */
++    otrtag += 5;
++    msglen -= 5;
++
+     /* Base64-decode the message */
+-    rawlen = ((msglen-5) / 4) * 3;   /* maximum possible */
++    rawlen = OTRL_B64_MAX_DECODED_SIZE(msglen);   /* maximum possible */
+     rawmsg = malloc(rawlen);
+     if (!rawmsg && rawlen > 0) {
+       return -1;
+     }
+-    rawlen = otrl_base64_decode(rawmsg, otrtag+5, msglen-5);  /* actual size */
++
++    rawlen = otrl_base64_decode(rawmsg, otrtag, msglen);  /* actual size */
+ 
+     *bufp = rawmsg;
+     *lenp = rawlen;
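Review bot: The output-size contract of `otrl_base64_decode` is still carried only by the comment in the second nested hunk, and that comment restates the arithmetic instead of naming the macro the callers now use. The function takes no output capacity (its parameters are `data`, `base64data` and `base64len`), so any caller that sizes its buffer by hand can reintroduce the overflow. The comment should point at the single definition, e.g. `* The buffer data must hold at least OTRL_B64_MAX_DECODED_SIZE(base64len) bytes.` The identical comment in src/b64.h (patch-CVE-2012-3461-ab) would get the same wording. Callers outside this changeset that still compute `(len / 4) * 3` are not visible here and are worth searching for.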
diff -r da82a919ebd9 -r 60c42ae7f994 chat/libotr/patches/patch-CVE-2012-3461-ab
--- /dev/null   Thu Jan 01 00:00:00 1970 +0000
+++ b/chat/libotr/patches/patch-CVE-2012-3461-ab        Thu Aug 09 10:06:46 2012 +0000
@@ -0,0 +1,36 @@
+$NetBSD: patch-CVE-2012-3461-ab,v 1.1 2012/08/09 10:06:47 drochner Exp $
+
+--- src/b64.h.orig     2008-05-27 12:35:28.000000000 +0000
++++ src/b64.h
+@@ -20,6 +20,19 @@
+ #ifndef __B64_H__
+ #define __B64_H__
+ 
++#include <stdlib.h>
++
++/* Base64 encodes blocks of this many bytes: */
++#define OTRL_B64_DECODED_LEN 3
++/* into blocks of this many bytes: */
++#define OTRL_B64_ENCODED_LEN 4
++
++/* An encoded block of length encoded_len can turn into a maximum of
++ * this many decoded bytes: */
++#define OTRL_B64_MAX_DECODED_SIZE(encoded_len) \
++    (((encoded_len + OTRL_B64_ENCODED_LEN - 1) / OTRL_B64_ENCODED_LEN) \
++      * OTRL_B64_DECODED_LEN)
++
+ /*
+  * base64 encode data.  Insert no linebreaks or whitespace.
+  *
+@@ -33,8 +46,9 @@ size_t otrl_base64_encode(char *base64da
+  * base64 decode data.  Skip non-base64 chars, and terminate at the
+  * first '=', or the end of the buffer.
+  *
+- * The buffer data must contain at least (base64len / 4) * 3 bytes of
+- * space.  This function will return the number of bytes actually used.
++ * The buffer data must contain at least ((base64len+3) / 4) * 3 bytes
++ * of space.  This function will return the number of bytes actually
++ * used.
+  */
+ size_t otrl_base64_decode(unsigned char *data, const char *base64data,
+       size_t base64len);
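Review bot: The parameter of `OTRL_B64_MAX_DECODED_SIZE` is used unparenthesized in the first nested hunk, so the computed buffer size depends on the operator precedence of whatever expression is passed. The call in toolkit/parse.c (patch-CVE-2012-3461-ad) passes `footer-header`, which happens to expand correctly, but an argument containing a conditional or a shift would silently yield a smaller size. The first continuation line should read `(((encoded_len) + OTRL_B64_ENCODED_LEN - 1) / OTRL_B64_ENCODED_LEN) \`.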
diff -r da82a919ebd9 -r 60c42ae7f994 chat/libotr/patches/patch-CVE-2012-3461-ac
--- /dev/null   Thu Jan 01 00:00:00 1970 +0000
+++ b/chat/libotr/patches/patch-CVE-2012-3461-ac        Thu Aug 09 10:06:46 2012 +0000
@@ -0,0 +1,45 @@
+$NetBSD: patch-CVE-2012-3461-ac,v 1.1 2012/08/09 10:06:47 drochner Exp $
+
+--- src/proto.c.orig   2008-05-27 12:35:28.000000000 +0000
++++ src/proto.c
+@@ -537,13 +537,17 @@ gcry_error_t otrl_proto_data_read_flags(
+       msglen = strlen(otrtag);
+     }
+ 
++    /* Skip over the "?OTR:" */
++    otrtag += 5;
++    msglen -= 5;
++
+     /* Base64-decode the message */
+-    rawlen = ((msglen-5) / 4) * 3;   /* maximum possible */
++    rawlen = OTRL_B64_MAX_DECODED_SIZE(msglen);   /* maximum possible */
+     rawmsg = malloc(rawlen);
+     if (!rawmsg && rawlen > 0) {
+       return gcry_error(GPG_ERR_ENOMEM);
+     }
+-    rawlen = otrl_base64_decode(rawmsg, otrtag+5, msglen-5);  /* actual size */
++    rawlen = otrl_base64_decode(rawmsg, otrtag, msglen);  /* actual size */
+ 
+     bufp = rawmsg;
+     lenp = rawlen;
+@@ -606,14 +610,18 @@ gcry_error_t otrl_proto_accept_data(char
+       msglen = strlen(otrtag);
+     }
+ 
++    /* Skip over the "?OTR:" */
++    otrtag += 5;
++    msglen -= 5;
++
+     /* Base64-decode the message */
+-    rawlen = ((msglen-5) / 4) * 3;   /* maximum possible */
++    rawlen = OTRL_B64_MAX_DECODED_SIZE(msglen);   /* maximum possible */
+     rawmsg = malloc(rawlen);
+     if (!rawmsg && rawlen > 0) {
+       err = gcry_error(GPG_ERR_ENOMEM);
+       goto err;
+     }
+-    rawlen = otrl_base64_decode(rawmsg, otrtag+5, msglen-5);  /* actual size */
++    rawlen = otrl_base64_decode(rawmsg, otrtag, msglen);  /* actual size */
+ 
+     bufp = rawmsg;
+     lenp = rawlen;
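Review bot: `msglen -= 5;` in both proto.c hunks relies on a guarantee established outside the hunks that the tagged message is at least five bytes long. The visible context shows only `msglen = strlen(otrtag);`, and if `msglen` is an unsigned type a shorter value would wrap and be passed to `otrl_base64_decode` as a huge input length. Presumably `otrtag` was located by matching the literal "?OTR:", which would make the subtraction safe; that should be stated at the subtraction, e.g. `/* otrtag points at a matched "?OTR:", so msglen >= 5 here */`, or enforced with an explicit length check before it. The same applies to the matching lines in src/b64.c (patch-CVE-2012-3461-aa). Both function bodies start and end outside the hunks.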
diff -r da82a919ebd9 -r 60c42ae7f994 chat/libotr/patches/patch-CVE-2012-3461-ad
--- /dev/null   Thu Jan 01 00:00:00 1970 +0000
+++ b/chat/libotr/patches/patch-CVE-2012-3461-ad        Thu Aug 09 10:06:46 2012 +0000
@@ -0,0 +1,27 @@
+$NetBSD: patch-CVE-2012-3461-ad,v 1.1 2012/08/09 10:06:47 drochner Exp $
+
+--- toolkit/parse.c.orig       2008-05-27 12:35:28.000000000 +0000
++++ toolkit/parse.c
+@@ -64,7 +64,8 @@ static unsigned char *decode(const char 
+ {
+     const char *header, *footer;
+     unsigned char *raw;
+-      
++    size_t rawlen;
++
+     /* Find the header */
+     header = strstr(msg, "?OTR:");
+     if (!header) return NULL;
+@@ -75,8 +76,10 @@ static unsigned char *decode(const char 
+     footer = strchr(header, '.');
+     if (!footer) footer = header + strlen(header);
+ 
+-    raw = malloc((footer-header) / 4 * 3);
+-    if (raw == NULL && (footer-header >= 4)) return NULL;
++    rawlen = OTRL_B64_MAX_DECODED_SIZE(footer-header);
++
++    raw = malloc(rawlen);
++    if (raw == NULL && rawlen > 0) return NULL;
+     *lenp = otrl_base64_decode(raw, header, footer-header);
+ 
+     return raw;
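Review bot: With the new check `if (raw == NULL && rawlen > 0) return NULL;`, an empty payload (`rawlen == 0`) goes on to `return raw;`, and `malloc(0)` is allowed to return NULL. The caller can then get NULL for a well-formed but empty message just as it does for a missing header or an allocation failure. The two early `return NULL` paths also leave `*lenp` unwritten. If callers are meant to treat NULL as "nothing to parse" in every case, a comment above `decode` saying so, and that `*lenp` is valid only for a non-NULL return, would make the contract explicit. The start of the function lies outside the hunks.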


