author | Rolf Eike Beer <eike@sf-mail.de> | 2020-05-19 16:16:07 +0200 |
---|---|---|
committer | Thomas Deutschmann <whissi@gentoo.org> | 2020-05-19 20:36:35 +0200 |
commit | 3cd7e2b9721dbbf24cd4a5f9135236418a9c0cfa (patch) | |
tree | ac33004193c5aab2b0532ec89c9a8734562598dd /mail-mta/netqmail/files/netqmail-1.06-CVE-2005-1514.patch | |
parent | media-video/obs-studio: sync live ebuild keywords (diff) | |
mail-mta/netqmail-1.06-r13: revbump for CVE-2005-1513, CVE-2005-1514, CVE-2005-1515
Bug: https://bugs.gentoo.org/721566
Signed-off-by: Rolf Eike Beer <kde@opensource.sf-tec.de>
Closes: https://github.com/gentoo/gentoo/pull/15881
Signed-off-by: Thomas Deutschmann <whissi@gentoo.org>
Diffstat (limited to 'mail-mta/netqmail/files/netqmail-1.06-CVE-2005-1514.patch')
-rw-r--r-- | mail-mta/netqmail/files/netqmail-1.06-CVE-2005-1514.patch | 39 |
1 files changed, 39 insertions, 0 deletions
diff --git a/mail-mta/netqmail/files/netqmail-1.06-CVE-2005-1514.patch b/mail-mta/netqmail/files/netqmail-1.06-CVE-2005-1514.patch
new file mode 100644
index 000000000000..3876c290b676
--- /dev/null
+++ b/mail-mta/netqmail/files/netqmail-1.06-CVE-2005-1514.patch
@@ -0,0 +1,39 @@
+From dc617a2f2d31e4c448b806791b3f8736cf9d1ffb Mon Sep 17 00:00:00 2001
+From: Rolf Eike Beer <eike@sf-mail.de>
+Date: Tue, 12 May 2020 20:06:38 +0200
+Subject: [PATCH 2/4] fix possible signed integer overflow in commands()
+ (CVE-2005-1514)
+
+Fix it as suggested by the Qualys Security Advisory team.
+---
+ commands.c | 7 ++++---
+ 1 file changed, 4 insertions(+), 3 deletions(-)
+
+diff --git a/commands.c b/commands.c
+index b0d3f61..90a50c9 100644
+--- a/commands.c
++++ b/commands.c
+@@ -10,16 +10,17 @@ int commands(ss,c)
+ substdio *ss;
+ struct commands *c;
+ {
+- int i;
++ unsigned int i;
+ char *arg;
+
+ for (;;) {
+ if (!stralloc_copys(&cmd,"")) return -1;
+
+ for (;;) {
++ int j;
+ if (!stralloc_readyplus(&cmd,1)) return -1;
+- i = substdio_get(ss,cmd.s + cmd.len,1);
+- if (i != 1) return i;
++ j = substdio_get(ss,cmd.s + cmd.len,1);
++ if (j != 1) return j;
+ if (cmd.s[cmd.len] == '\n') break;
+ ++cmd.len;
+ }
+--
+2.26.1
+ |
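Review bot: The split between `unsigned int i` and the new `int j` in commands() is the entire fix, but neither declaration says why the types differ, so a later cleanup could fold them back into one signed variable and reintroduce CVE-2005-1514. I would add `/* unsigned on purpose: i is used as an offset into cmd and must never go negative (CVE-2005-1514) */` at the declaration of `i`, and `/* signed: substdio_get() result is handed back to the caller when it is not 1 */` at `j`. The uses of `i` that motivate the type change are presumably later in commands(), which continues outside this hunk, so the wording should be checked against the full function. The type change only removes the negative-value case; whether `cmd.len` itself is bounded is not visible here and presumably falls to the other patches of this 4-part series.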