Subject: pkg/24982: news/nntpclnt auth bugs
To: None <gnats-bugs@gnats.NetBSD.org>
From: Gary Duzan <gary@duzan.org>
List: pkgsrc-bugs
Date: 03/30/2004 19:04:46
>Number: 24982
>Category: pkg
>Synopsis: news/nntpclnt auth bugs
>Confidential: no
>Severity: serious
>Priority: high
>Responsible: pkg-manager
>State: open
>Class: sw-bug
>Submitter-Id: net
>Arrival-Date: Wed Mar 31 00:05:00 UTC 2004
>Closed-Date:
>Last-Modified:
>Originator: Gary Duzan
>Release: NetBSD 1.6ZK, pkgsrc as of March 30, 2004
>Organization:
Not Much
>Environment:
System: NetBSD capo 1.6ZK NetBSD 1.6ZK (CAPO) #5: Sun Feb 22 09:40:20 EST 2004 gary@capo:/usr2/src/sys/arch/i386/compile/obj.i386/CAPO i386
Architecture: i386
Machine: i386
>Description:
inews core dumps when it needs to authenticate with the server
due to a sscanf() usage bug. After that is fixed, the host,
username, and/or password can rather easily overflow the given
buffer sizes, leading to authentication failure.
>How-To-Repeat:
Try to post to a server requiring authentication.
>Fix:
diff -r -u -N nntpclnt/Makefile nntpclnt.new/Makefile
--- nntpclnt/Makefile 2003-07-17 18:52:09.000000000 -0400
+++ nntpclnt.new/Makefile 2004-03-30 08:45:55.000000000 -0500
@@ -1,7 +1,7 @@
# $NetBSD: Makefile,v 1.20 2003/07/17 22:52:09 grant Exp $
DISTNAME= nntpclnt-1.6.1
-PKGREVISION= 3
+PKGREVISION= 4
CATEGORIES= news
MASTER_SITES= ftp://ftp.uu.net/networking/news/nntp/
diff -r -u -N nntpclnt/distinfo nntpclnt.new/distinfo
--- nntpclnt/distinfo 2002-09-18 02:28:05.000000000 -0400
+++ nntpclnt.new/distinfo 2004-03-30 08:44:43.000000000 -0500
@@ -4,3 +4,4 @@
Size (nntpclnt-1.6.1.tar.gz) = 34369 bytes
SHA1 (patch-aa) = 62bcf11bb2cb0b39baf8188816a039165e9e6338
SHA1 (patch-ab) = 2cffb1a1eb68c7520bef6b81d41c924e5aa5be2c
+SHA1 (patch-ac) = 5b33e1012e5878b6537494667c5420c62ceb7d5d
diff -r -u -N nntpclnt/patches/patch-ac nntpclnt.new/patches/patch-ac
--- nntpclnt/patches/patch-ac 1969-12-31 19:00:00.000000000 -0500
+++ nntpclnt.new/patches/patch-ac 2004-03-30 08:40:55.000000000 -0500
@@ -0,0 +1,31 @@
+$NetBSD$
+
+--- postauth.c.orig 1994-08-11 17:37:52.000000000 -0400
++++ postauth.c 2004-03-30 08:33:59.000000000 -0500
+@@ -31,7 +31,7 @@
+ {
+ char authtype[NNTP_STRLEN];
+ int i, rcode;
+- if((i = sscanf(response,"%d %s", rcode, authtype)) != 2)
++ if((i = sscanf(response,"%d %s", &rcode, authtype)) != 2)
+ return(-1);
+ #ifdef AUTHSIMPLE
+ if (!strcasecmp(authtype,"SIMPLE"))
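Review bot: the %s conversion in the corrected sscanf() call still has no field width, so a token in response longer than NNTP_STRLEN - 1 characters would write past authtype[NNTP_STRLEN]. Passing &rcode fixes the crash, but the format should also bound the string, either with an explicit width derived from NNTP_STRLEN or with a length check on response before parsing.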
+@@ -54,7 +54,7 @@
+ authsimple(host)
+ char * host;
+ {
+- char remote[256], user[16], pass[16];
++ char remote[256], user[256], pass[256];
+ char buf[BUFSIZ];
+ int i;
+
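Review bot: raising user[] and pass[] from 16 to 256 in authsimple() moves the overflow threshold rather than enforcing a limit, and the code that fills these arrays is outside the hunk. Please confirm that every read or copy into remote, user and pass is bounded by the sizeof of its destination, and that an over-long value is reported as an error rather than silently truncated.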
+@@ -110,7 +110,7 @@
+ authold(host)
+ char *host;
+ {
+- char remote[64], user[16], pass[16];
++ char remote[256], user[256], pass[256];
+ char buf[1024];
+ int i;
+
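Review bot: the literal 256 is now repeated for all three arrays in authold() as well as in authsimple(), while buf is 1024 here and BUFSIZ there. A single named constant for the field size would keep the two functions in step. It is also worth checking that whatever is assembled into buf[1024] from these fields still fits now that remote has grown from 64 to 256.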
>Release-Note:
>Audit-Trail:
>Unformatted: