summaryrefslogtreecommitdiff
path: root/user/netqmail
diff options
context:
space:
mode:
authorLaurent Bercot <ska-adelie@skarnet.org>2020-05-21 11:41:37 +0000
committerLaurent Bercot <ska-adelie@skarnet.org>2020-05-21 11:41:37 +0000
commit78b054312b6c6e22a862c94d7a544f44c5161eb3 (patch)
tree2fc177cd9db0605940318f259f21c77df5ed5b4b /user/netqmail
parent357959274975f567bea4548c97719e4f573544f5 (diff)
downloadpackages-78b054312b6c6e22a862c94d7a544f44c5161eb3.tar.gz
packages-78b054312b6c6e22a862c94d7a544f44c5161eb3.tar.bz2
packages-78b054312b6c6e22a862c94d7a544f44c5161eb3.tar.xz
packages-78b054312b6c6e22a862c94d7a544f44c5161eb3.zip
user/netqmail: fix CVE-2005-1513
Diffstat (limited to 'user/netqmail')
-rw-r--r--user/netqmail/0005-CVE-2005-1513.patch19
-rw-r--r--user/netqmail/APKBUILD2
2 files changed, 21 insertions, 0 deletions
diff --git a/user/netqmail/0005-CVE-2005-1513.patch b/user/netqmail/0005-CVE-2005-1513.patch
new file mode 100644
index 000000000..3b3876cb3
--- /dev/null
+++ b/user/netqmail/0005-CVE-2005-1513.patch
@@ -0,0 +1,19 @@
+diff -rNU3 netqmail-1.06.old/alloc.c netqmail-1.06/alloc.c
+--- netqmail-1.06.old/alloc.c 1998-06-15 10:53:16.000000000 +0000
++++ netqmail-1.06/alloc.c 2020-05-21 11:33:24.689739728 +0000
+@@ -1,3 +1,4 @@
++#include <limits.h>
+ #include "alloc.h"
+ #include "error.h"
+ extern char *malloc();
+@@ -15,6 +16,10 @@
+ unsigned int n;
+ {
+ char *x;
++ if (n >= (INT_MAX >> 3)) {
++ errno = error_nomem;
++ return 0;
++ }
+ n = ALIGNMENT + n - (n & (ALIGNMENT - 1)); /* XXX: could overflow */
+ if (n <= avail) { avail -= n; return space + avail; }
+ x = malloc(n);
diff --git a/user/netqmail/APKBUILD b/user/netqmail/APKBUILD
index 551895f83..6424c1812 100644
--- a/user/netqmail/APKBUILD
+++ b/user/netqmail/APKBUILD
@@ -19,6 +19,7 @@ source="http://www.netqmail.org/$pkgname-$pkgver.tar.gz
0002-qbiffutmpx-20170820.patch
0003-qmailremote-20170716.patch
0004-notifyfd.patch
+ 0005-CVE-2005-1513.patch
qmail.run
smtpd.run
smtpsd.run
@@ -106,6 +107,7 @@ ad126cad5c0d35351919ad87022fd94b910519d91cf82f38c158f423bbfc1b82455844a791ba0c69
b3af9c29e6d46daa2a1b9f677c6f32892d5f8c9b8d5c2bdd6f34b106dd5ad41394c05a5ebe145c6e29b4ced4482f08b2d09e7818fd309123c0d087600500e336 0002-qbiffutmpx-20170820.patch
cbebdc72c7cc5c437531c9277534ae552c6d044a83b36e3f3ce60ab5563c55eb814d6c543cc0997abab73075d1b517cc0929dd65674d468d517b0ca38196e2b4 0003-qmailremote-20170716.patch
b32a8a36c8ab8872abd4f1a117482f064a6d631a6bb2ba75cafe61743bef09f923d26935d9514eec33a7dec5aeb3d0b517d677e55924859d2db5233bc11f9f11 0004-notifyfd.patch
+ac8406c1d16ce2e55e47bc83ca6e095833a54de73cecee222cad3fcececa518386b95a11cb0c9c2dcc6851bae28aa539b11069305aa887a291177bf177ee7b01 0005-CVE-2005-1513.patch
954a905bac5e3bc49f180dc0de7f6ee4c4ae8f94dd400ee4b06d3c944f1ff1cfc44bddccb07ae439f2523ad06fcb89023e57d091737da88f836013757794e931 qmail.run
c0cd244af4d8186305c51b0e93960bdb1ea6ce40f1adf20c4f72419aa7498e35649590919ebd16547a0313676bf9171c9efea2ff8ac3a5c773b18473a972a977 smtpd.run
719c4ce5ad93cddeafbb734cffeec3fd959d3f374e44e1f34e9a25d638303dd97df41642d3df5c7a069a8db47d1e31c32a16ecd2d04b72860c4e00bbba0c9fcf smtpsd.run