news/inn: fix plaintext command injection, CVE-2012-3523

Relevant only for INN installations that are using encryption.

PR:		171013
Approved by:	fluffy@FreeBSD.org (maintainer)
Security:	http://www.vuxml.org/freebsd/a7975581-ee26-11e1-8bd8-0022156e8794.html

news/inn/Makefile

@@ -7,7 +7,7 @@
 
 PORTNAME?=	inn
 PORTVERSION?=	2.5.2
-PORTREVISION?=	1
+PORTREVISION?=	2
 CATEGORIES=	news ipv6
 # Master distribution broken
 #MASTER_SITES?=	${MASTER_SITE_ISC}

news/inn/files/patch-cve-2012-3523-minimal

@@ -0,0 +1,61 @@
+Fixes CVE-2012-3523.  This is a stripped down version of 2.5.2 -> 2.5.3
+patch that adds line_reset() to the relevant places.
+
+Obtained-from: ftp://ftp.isc.org/isc/inn/inn-2.5.2-2.5.3.diff.gz
+diff -Nurp inn-2.5.2/nnrpd/line.c inn-2.5.3/nnrpd/line.c
+--- nnrpd/line.c	2010-03-24 13:10:36.000000000 -0700
++++ nnrpd/line.c	2012-06-15 11:25:36.000000000 -0700
+@@ -66,6 +66,17 @@ line_init(struct line *line)
+     line->remaining = 0;
+ }
+ 
++/*
++**  Reset a line structure.
++*/
++void
++line_reset(struct line *line)
++{
++    assert(line);
++    line->where = line->start;
++    line->remaining = 0;
++}
++
+ /*
+ **  Timeout is used only if HAVE_SSL is defined.
+ */
+diff -Nurp inn-2.5.2/nnrpd/misc.c inn-2.5.3/nnrpd/misc.c
+--- nnrpd/misc.c	2010-03-24 13:10:36.000000000 -0700
++++ nnrpd/misc.c	2012-06-15 11:25:36.000000000 -0700
+@@ -518,5 +518,8 @@ CMDstarttls(int ac UNUSED, char *av[] UN
+         GRPcount = 0;
+         PERMgroupmadeinvalid = false;
+     }
++
++    /* Reset our read buffer so as to prevent plaintext command injection. */
++    line_reset(&NNTPline);
+ }
+ #endif /* HAVE_SSL */
+diff -Nurp inn-2.5.2/nnrpd/nnrpd.h inn-2.5.3/nnrpd/nnrpd.h
+--- nnrpd/nnrpd.h	2010-03-24 13:10:36.000000000 -0700
++++ nnrpd/nnrpd.h	2012-06-15 11:25:36.000000000 -0700
+@@ -292,6 +292,7 @@ void PY_dynamic_init (char* file);
+ 
+ void line_free(struct line *);
+ void line_init(struct line *);
++void line_reset(struct line *);
+ READTYPE line_read(struct line *, int, const char **, size_t *, size_t *);
+ 
+ #ifdef HAVE_SASL
+diff -Nurp inn-2.5.2/nnrpd/sasl.c inn-2.5.3/nnrpd/sasl.c
+--- nnrpd/sasl.c	2010-03-24 13:10:36.000000000 -0700
++++ nnrpd/sasl.c	2012-06-15 11:25:36.000000000 -0700
+@@ -326,6 +326,9 @@ SASLauth(int ac, char *av[])
+                 GRPcount = 0;
+                 PERMgroupmadeinvalid = false;
+             }
++
++            /* Reset our read buffer so as to prevent plaintext command injection. */
++            line_reset(&NNTPline);
+         }
+     } else {
+ 	/* Failure. */

security/vuxml/vuln.xml

@@ -163,7 +163,7 @@ Note:  Please add new entries to the beginning of this file.
     <affects>
       <package>
         <name>inn</name>
-        <range><lt>2.5.3</lt></range>
+        <range><lt>2.5.2_2</lt></range>
       </package>
     </affects>
     <description>