rpms/sylpheed-claws/FC-3 sylpheed-claws-ldif-buffer-overflow-fix.diff, NONE, 1.1 sylpheed-claws.spec, 1.7, 1.8

Wed Nov 23 15:35:04 UTC 2005

Author: awjb

Update of /cvs/extras/rpms/sylpheed-claws/FC-3
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv28251

Modified Files:
	sylpheed-claws.spec 
Added Files:
	sylpheed-claws-ldif-buffer-overflow-fix.diff 
Log Message:
- fix #173997


sylpheed-claws-ldif-buffer-overflow-fix.diff:

--- NEW FILE sylpheed-claws-ldif-buffer-overflow-fix.diff ---
diff -ru sylpheed-claws-1.9.99/work/sylpheed-claws-1.9.99/src/ldif.c sylpheed-claws-1.9.100/work/sylpheed-claws-1.9.100/src/ldif.c
--- sylpheed-claws-1.9.99/work/sylpheed-claws-1.9.99/src/ldif.c	2005-09-21 19:52:31.000000000 +0200
+++ sylpheed-claws-1.9.100/work/sylpheed-claws-1.9.100/src/ldif.c	2005-11-07 19:41:26.000000000 +0100
@@ -306,26 +306,28 @@
 static gchar *ldif_get_line( LdifFile *ldifFile ) {
 	gchar buf[ LDIFBUFSIZE ];
 	gint ch;
-	gchar *ptr;
+	int i = 0;
 
-	if( feof( ldifFile->file ) ) return NULL;
+	if( feof( ldifFile->file ) ) 
+		return NULL;
 
-	ptr = buf;
-	while( TRUE ) {
-		*ptr = '\0';
+	while( i < LDIFBUFSIZE-1 ) {
 		ch = fgetc( ldifFile->file );
 		if( ch == '\0' || ch == EOF ) {
-			if( *buf == '\0' ) return NULL;
+			if( i == 0 ) return NULL;
 			break;
 		}
 #if HAVE_DOSISH_SYSTEM
 #else
-		if( ch == '\r' ) continue;
+		if( ch == '\r' ) 
+			continue;
 #endif
-		if( ch == '\n' ) break;
-		*ptr = ch;
-		ptr++;
+		if( ch == '\n' ) 
+			break;
+		buf[i] = ch;
+		i++;
 	}
+	buf[i] = '\0';
 
 	/* Return a copy of buffer */
 	return g_strdup( buf );
@@ -483,6 +485,14 @@
 			fullName = g_strdup_printf( "%s", lastName );
 		}
 	}
+	
+	if (!fullName || strlen(fullName) == 0) {
+		g_free(fullName);
+		fullName = NULL;
+		if (rec->listCName)
+			fullName = g_strdup(rec->listCName->data);
+	}
+	
 	if( fullName ) {
 		g_strchug( fullName ); g_strchomp( fullName );
 	}
@@ -723,7 +733,17 @@
 			if( lastTag ) {
 				/* Save record */
 				fullValue = mgu_list_coalesce( listValue );
-
+				if (fullValue && last64) {
+					gchar *out = g_malloc(strlen(fullValue));
+					int len = 0;
+					if ((len = base64_decode(out, fullValue,
+							strlen(fullValue))) >= 0) {
+						g_free(fullValue);
+						fullValue = out;
+						fullValue[len] = '\0';
+					} else
+						g_free(out);
+				}
 				/* Base-64 encoded data */
 				/*
 				if( last64 ) {
@@ -764,6 +784,17 @@
 							/* Save data */
 							fullValue =
 								mgu_list_coalesce( listValue );
+							if (fullValue && last64) {
+								gchar *out = g_malloc(strlen(fullValue));
+								int len = 0;
+								if ((len = base64_decode(out, fullValue,
+										strlen(fullValue))) >= 0) {
+									g_free(fullValue);
+									fullValue = out;
+									fullValue[len] = '\0';
+								} else
+									g_free(out);
+							}
 							/* Base-64 encoded data */
 							/*
 							if( last64 ) {
@@ -908,7 +939,6 @@
 	/* Process file */
 	while( ! flagEOF ) {
 		gchar *line = ldif_get_line( ldifFile );
-
 		posCur = ftell( ldifFile->file );
 		if( ldifFile->cbProgress ) {
 			/* Call progress indicator */
diff -ru sylpheed-claws-1.9.99/work/sylpheed-claws-1.9.99/src/mutt.c sylpheed-claws-1.9.100/work/sylpheed-claws-1.9.100/src/mutt.c
--- sylpheed-claws-1.9.99/work/sylpheed-claws-1.9.99/src/mutt.c	2005-09-21 19:52:32.000000000 +0200
+++ sylpheed-claws-1.9.100/work/sylpheed-claws-1.9.100/src/mutt.c	2005-11-07 11:59:11.000000000 +0100
@@ -159,34 +159,37 @@
 static gchar *mutt_get_line( MuttFile *muttFile, gboolean *flagCont ) {
 	gchar buf[ MUTTBUFSIZE ];
 	int ch, lch;
-	gchar *ptr, *lptr;
+	int i = 0, li = 0;
 
 	*flagCont = FALSE;
-	if( feof( muttFile->file ) ) return NULL;
+	if( feof( muttFile->file ) ) 
+		return NULL;
+
+	memset(buf, 0, MUTTBUFSIZE);
 
-	ptr = buf;
 	lch = '\0';
-	lptr = NULL;
-	while( TRUE ) {
-		*ptr = '\0';
+	while( i < MUTTBUFSIZE-1 ) {
 		ch = fgetc( muttFile->file );
 		if( ch == '\0' || ch == EOF ) {
-			if( *buf == '\0' ) return NULL;
+			if( i == 0 ) 
+				return NULL;
 			break;
 		}
 		if( ch == '\n' ) {
 			if( lch == '\\' ) {
 				/* Replace backslash with NULL */
-				if( lptr ) *lptr = '\0';
+				if( li != 0 ) 
+					buf[li] = '\0';
 				*flagCont = TRUE;
 			}
 			break;
 		}
-		*ptr = ch;
-		lptr = ptr;
+		buf[i] = ch;
+		li = i;
 		lch = ch;
-		ptr++;
+		i++;
 	}
+	buf[i]='\0';
 
 	/* Copy into private buffer */
 	return g_strdup( buf );
diff -ru sylpheed-claws-1.9.99/work/sylpheed-claws-1.9.99/src/pine.c sylpheed-claws-1.9.100/work/sylpheed-claws-1.9.100/src/pine.c
--- sylpheed-claws-1.9.99/work/sylpheed-claws-1.9.99/src/pine.c	2005-09-21 19:52:32.000000000 +0200
+++ sylpheed-claws-1.9.100/work/sylpheed-claws-1.9.100/src/pine.c	2005-11-07 11:59:11.000000000 +0100
@@ -163,31 +163,32 @@
  */
 static gchar *pine_read_line( PineFile *pineFile ) {
 	gchar buf[ PINEBUFSIZE ];
-	int c;
+	int c, i = 0;
 	gchar ch;
-	gchar *ptr;
 
-	if( feof( pineFile->file ) ) return NULL;
+	if( feof( pineFile->file ) ) 
+		return NULL;
 
-	ptr = buf;
-	while( TRUE ) {
-		*ptr = '\0';
+	while( i < PINEBUFSIZE-1 ) {
 		c = fgetc( pineFile->file );
 		if( c == EOF ) {
-			if( *buf == '\0' ) return NULL;
+			if( i == 0 ) 
+				return NULL;
 			break;
 		}
 		ch = (gchar) c;
 		if( ch == '\0' ) {
-			if( *buf == '\0' ) return NULL;
+			if( i == 0 ) 
+				return NULL;
 			break;
 		}
 		if( ch == '\n' ) {
 			break;
 		}
-		*ptr = ch;
-		ptr++;
+		buf[i] = ch;
+		i++;
 	}
+	buf[i] = '\0';
 
 	/* Copy into private buffer */
 	return g_strdup( buf );


Index: sylpheed-claws.spec
===================================================================
RCS file: /cvs/extras/rpms/sylpheed-claws/FC-3/sylpheed-claws.spec,v
retrieving revision 1.7
retrieving revision 1.8
diff -u -r1.7 -r1.8
--- sylpheed-claws.spec	7 Jul 2005 10:32:07 -0000	1.7
+++ sylpheed-claws.spec	23 Nov 2005 15:35:02 -0000	1.8
@@ -2,13 +2,16 @@
 
 Name:           sylpheed-claws
 Version:        1.0.5
-Release:        1
+Release:        2
 Epoch:          0
 Summary:        The bleeding edge branch of Sylpheed
 Group:          Applications/Internet
 License:        GPL
 URL:            http://claws.sylpheed.org
 Source0:        http://dl.sourceforge.net/sylpheed-claws/sylpheed-claws-1.0.5.tar.bz2
+#CVE-2005-3354
+# from gentoo http://www.gentoo.org/cgi-bin/viewcvs.cgi/*checkout*/mail-client/sylpheed-claws/files/ldif-buffer-overflow-fix.diff
+Patch0:         sylpheed-claws-ldif-buffer-overflow-fix.diff
 Source1:        sylpheed.desktop
 BuildRoot:      %{_tmppath}/%{name}-%{version}-%{release}-root
 BuildRequires:  flex, bison
@@ -45,6 +48,7 @@
 
 %prep
 %setup
+%patch0 -p3
 
 %build
 %if %openssl_pc
@@ -108,6 +112,10 @@
 %{_libdir}/pkgconfig/sylpheed-claws.pc
 
 %changelog
+* Wed Nov 23 2005 Andreas Bierfert <andreas.bierfert[AT]lowlatency.de>
+0:1.0.5-2
+- fix #173997 (CVE-2005-3354)
+
 * Thu Jul 07 2005 Andreas Bierfert <andreas.bierfert[AT]lowlatency.de>
 0:1.0.5-1
 - Version upgrade


