mirror of https://git.FreeBSD.org/ports.git synced 2024-12-01 01:17:02 +00:00

Complete fix for CVE-2017-15132

Complete fix for CVE-2017-15132. The previous fix was not enough: it caused
the request to remain after an abort, causing a use-after-free later on.

PR:		225585
Submitted by:	Vladimir Krstulja
Approved by:	adamw (maintainer)
MFH:		2018Q1
Niclas Zeising 2018-02-01 13:23:40 +00:00
parent d39802fdd0
commit a73c7312d7
Notes: svn2git 2021-03-31 03:12:20 +00:00
svn path=/head/; revision=460590
4 changed files with 27 additions and 3 deletions


@ -13,7 +13,7 @@
PORTNAME= dovecot
PORTVERSION= 2.2.33.2
PORTREVISION= 3
PORTREVISION= 4
CATEGORIES= mail ipv6
MASTER_SITES= https://www.dovecot.org/releases/2.2/


@ -1,10 +1,12 @@
--- src/lib-auth/auth-client-request.c.orig 2017-10-05 17:10:44 UTC
+++ src/lib-auth/auth-client-request.c
@@ -180,6 +180,7 @@ void auth_client_request_abort(struct auth_client_requ
@@ -180,6 +180,9 @@ void auth_client_request_abort(struct auth_client_requ
auth_client_send_cancel(request->conn->client, request->id);
call_callback(request, AUTH_REQUEST_STATUS_ABORT, NULL, NULL);
+ pool_unref(&request->pool);
+ /* remove the request */
+ auth_server_connection_remove_request(request->conn, request->id);
+ pool_unref(&request->pool);
}
unsigned int auth_client_request_get_id(struct auth_client_request *request)
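Review bot: The added comment `/* remove the request */` in auth_client_request_abort() restates the call below it and does not record why the order matters. The removal reads `request->conn` and `request->id`, and the request is presumably allocated from the pool released on the last line, so the removal has to run before `pool_unref(&request->pool)`. Without it `conn->requests` would keep a pointer to the freed request, which is the use-after-free the commit message describes. I would write the comment as `/* drop the conn->requests entry before the pool is freed; a stale entry would be a dangling pointer */`. The function starts above the hunk, so what runs before auth_client_send_cancel() is not visible here.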


@ -0,0 +1,13 @@
--- src/lib-auth/auth-server-connection.c.orig 2017-10-05 17:10:44 UTC
+++ src/lib-auth/auth-server-connection.c
@@ -481,3 +481,10 @@ auth_server_connection_add_request(struct auth_server_
hash_table_insert(conn->requests, POINTER_CAST(id), request);
return id;
}
+
+void auth_server_connection_remove_request(struct auth_server_connection *conn,
+ unsigned int id)
+{
+ i_assert(conn->handshake_received);
+ hash_table_remove(conn->requests, POINTER_CAST(id));
+}
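Review bot: auth_server_connection_remove_request() guards the removal with `i_assert(conn->handshake_received)`, and a failed i_assert panics in Dovecot, so an abort that reaches it while the handshake flag is clear would stop the process instead of skipping the removal. Whether that state is reachable from auth_client_request_abort() cannot be seen in this hunk. If it is reachable, returning early would be the safer behaviour; if it is not, a comment should say which invariant rules it out. The new function also has no header comment; `/* Removes the entry for id from conn->requests; the request itself is not freed, the caller releases its pool. */` would document the contract the caller in auth-client-request.c relies on.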


@ -0,0 +1,9 @@
--- src/lib-auth/auth-server-connection.h.orig 2017-10-05 17:10:44 UTC
+++ src/lib-auth/auth-server-connection.h
@@ -38,4 +38,6 @@ void auth_server_connection_disconnect(struct auth_ser
unsigned int
auth_server_connection_add_request(struct auth_server_connection *conn,
struct auth_client_request *request);
+void auth_server_connection_remove_request(struct auth_server_connection *conn,
+ unsigned int id);
#endif