Subject: pkg/24982: news/nntpclnt auth bugs
To: None <gnats-bugs@gnats.NetBSD.org>
From: Gary Duzan <gary@duzan.org>
List: pkgsrc-bugs
Date: 03/30/2004 19:04:46
>Number:         24982
>Category:       pkg
>Synopsis:       news/nntpclnt auth bugs
>Confidential:   no
>Severity:       serious
>Priority:       high
>Responsible:    pkg-manager
>State:          open
>Class:          sw-bug
>Submitter-Id:   net
>Arrival-Date:   Wed Mar 31 00:05:00 UTC 2004
>Closed-Date:
>Last-Modified:
>Originator:     Gary Duzan
>Release:        NetBSD 1.6ZK, pkgsrc as of March 30, 2004
>Organization:
	Not Much
>Environment:
System: NetBSD capo 1.6ZK NetBSD 1.6ZK (CAPO) #5: Sun Feb 22 09:40:20 EST 2004 gary@capo:/usr2/src/sys/arch/i386/compile/obj.i386/CAPO i386
Architecture: i386
Machine: i386
>Description:
	inews core dumps when it needs to authenticate with the server
	due to a sscanf() usage bug. After that is fixed, the host,
	username, and/or password can rather easily overflow the given
	buffer sizes, leading to authentication failure.
>How-To-Repeat:
	Try to post to a server requiring authentication.
>Fix:
diff -r -u -N nntpclnt/Makefile nntpclnt.new/Makefile
--- nntpclnt/Makefile	2003-07-17 18:52:09.000000000 -0400
+++ nntpclnt.new/Makefile	2004-03-30 08:45:55.000000000 -0500
@@ -1,7 +1,7 @@
 # $NetBSD: Makefile,v 1.20 2003/07/17 22:52:09 grant Exp $
 
 DISTNAME=	nntpclnt-1.6.1
-PKGREVISION=	3
+PKGREVISION=	4
 CATEGORIES=	news
 MASTER_SITES=	ftp://ftp.uu.net/networking/news/nntp/
 
diff -r -u -N nntpclnt/distinfo nntpclnt.new/distinfo
--- nntpclnt/distinfo	2002-09-18 02:28:05.000000000 -0400
+++ nntpclnt.new/distinfo	2004-03-30 08:44:43.000000000 -0500
@@ -4,3 +4,4 @@
 Size (nntpclnt-1.6.1.tar.gz) = 34369 bytes
 SHA1 (patch-aa) = 62bcf11bb2cb0b39baf8188816a039165e9e6338
 SHA1 (patch-ab) = 2cffb1a1eb68c7520bef6b81d41c924e5aa5be2c
+SHA1 (patch-ac) = 5b33e1012e5878b6537494667c5420c62ceb7d5d
diff -r -u -N nntpclnt/patches/patch-ac nntpclnt.new/patches/patch-ac
--- nntpclnt/patches/patch-ac	1969-12-31 19:00:00.000000000 -0500
+++ nntpclnt.new/patches/patch-ac	2004-03-30 08:40:55.000000000 -0500
@@ -0,0 +1,31 @@
+$NetBSD$
+
+--- postauth.c.orig	1994-08-11 17:37:52.000000000 -0400
++++ postauth.c	2004-03-30 08:33:59.000000000 -0500
+@@ -31,7 +31,7 @@
+ {
+ 	char authtype[NNTP_STRLEN];
+ 	int i, rcode;
+-	if((i = sscanf(response,"%d %s", rcode, authtype)) != 2)
++	if((i = sscanf(response,"%d %s", &rcode, authtype)) != 2)
+ 		return(-1);
+ #ifdef AUTHSIMPLE
+ 	if (!strcasecmp(authtype,"SIMPLE"))
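Review bot: the %s conversion in the corrected sscanf(response,"%d %s", &rcode, authtype) call still has no field width, so the second token of the server's response is copied into authtype[NNTP_STRLEN] without a bound. Passing &rcode stops the crash, but unless the caller guarantees that response is shorter than NNTP_STRLEN (not visible in this context), a long token from the server writes past the end of authtype. Suggest giving %s a width of one less than the array size, or checking the length of response before the call, and keeping the existing != 2 check as the failure path.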
+@@ -54,7 +54,7 @@
+ authsimple(host)
+ char * host;
+ {
+-	char remote[256], user[16], pass[16];
++	char remote[256], user[256], pass[256];
+ 	char buf[BUFSIZ];
+ 	int i;
+ 
+@@ -110,7 +110,7 @@
+ authold(host)
+ char *host;
+ {
+-	char remote[64], user[16], pass[16];
++	char remote[256], user[256], pass[256];
+ 	char buf[1024];
+ 	int i;
+ 
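Review bot: enlarging user[] and pass[] from 16 to 256 bytes in authsimple() and authold(), and remote[] from 64 to 256 in authold(), raises the limit but adds no length check. The code that fills these arrays is outside the visible context, so if it copies without a bound, a host, username or password longer than 255 characters still overruns them. Suggest bounding the copy where the values are read (a field width tied to sizeof, or a length-checked copy) and returning an authentication error on truncation instead of continuing with a clipped credential. A single named constant for the three sizes would also keep authsimple() and authold() from drifting apart again.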
>Release-Note:
>Audit-Trail:
>Unformatted: