Legacy 7.3 imap-2001a-10.1 and CAN-2005-2933
Ville Herva
vherva at viasys.com
Wed Oct 12 10:16:51 UTC 2005
I don't know if anyone cares about RH73 and imap-2001a anymore, but I think
this vulnerability applies to imap-2001a-10.1.legacy too:
http://www.idefense.com/application/poi/display?id=313&type=vulnerabilities&flashstatus=false
http://www.linuxsecurity.com/content/view/120575
I took the source from
http://download.fedoralegacy.org/redhat/7.3/updates/SRPMS/imap-2001a-10.1.legacy.src.rpm
and modified the mail.c patch from
http://www.idefense.com/application/poi/display?id=313&type=vulnerabilities&flashstatus=false
to apply to 2001a.
It was just a blind patch weeding job - I didn't actually verify that
imap-2001a isn't invulnerable to this or vulnerable to something else.
In case anyone is interested, here's the modified .spec and the patch.
Just do

    rpm -i imap-2001a-10.1.legacy.src.rpm
    cp imap.spec.patched /usr/src/redhat/SPECS/imap.spec
    cp imap-2001a-CAN-2005-2933_fix.patch /usr/src/redhat/SOURCES/
    rpm -bb /usr/src/redhat/SPECS/imap.spec

-- v --
v at iki.fi
-------------- next part --------------
#!/bin/bash
%define Build_7 1
%define Build_62 0
%if %{Build_7}
%define with_xinetd 1
%endif
%if %{Build_62}
%define with_xinetd 0
%endif
Summary: Server daemons for IMAP and POP network mail protocols.
Name: imap
Version: 2001a
# Last 6.2 release: 2000c-1.6.1, last 5.2 release: 2000c-1.5.1
Release: 10.2.legacy
Epoch: 1
License: University of Washington Free-Fork License
Group: System Environment/Daemons
URL: http://www.washington.edu/imap/
Source: imap-%{version}.tar.bz2
Source1: imap.pamd
Source2: imap.pamd.6
Source3: imap-xinetd
Source4: ipop2-xinetd
Source5: ipop3-xinetd
Source6: imaps-xinetd
Source7: pop3s-xinetd
Source8: flock.c
Source9: README.IMAPS
Patch0: imap-2001a-redhat-ssl.patch
Patch1: imap-2000-linux.patch
Patch2: imap-2000-vfs.patch
Patch3: imap-2001a-mbox-disable.patch
Patch4: imap-2000-krbpath.patch
Patch5: imap-2000c-redhat-flock.patch
Patch6: imap-2001a-overflow.patch
Patch8: imap-2001a-redhat-version.patch
Patch9: imap-2001a-boguswarning.patch
Patch10: imap-2000-time.patch
Patch11: imap-2001a-can-2003-0297.patch
Patch12: imap-2001a-CAN-2005-2933_fix.patch
Buildroot: %{_tmppath}/%{name}-%{version}-root
BuildPrereq: krb5-devel, openssl-devel
# DO NOT REMOVE THIS PAM HEADER DEPENDANCY OR FACE THE WRATH
BuildPreReq: /usr/include/security/pam_modules.h
Requires: pam >= 0.59
Conflicts: cyrus-imapd
%if %{Build_7}
Requires: %{_sysconfdir}/pam.d/system-auth
%endif
%if %{with_xinetd}
Prereq: xinetd
%endif
%description
The imap package provides server daemons for both the IMAP (Internet
Message Access Protocol) and POP (Post Office Protocol) mail access
protocols. The POP protocol uses a "post office" machine to collect
mail for users and allows users to download their mail to their local
machine for reading. The IMAP protocol allows a user to read mail on a
remote machine without downloading it to their local machine.
Install the imap package if you need a server to support the IMAP or
the POP mail access protocols.
%package devel
Summary: Development tools for programs which will use the IMAP library.
Group: Development/Libraries
%description devel
The imap-devel package contains the header files and static libraries
for developing programs which will use the IMAP (Internet Message
Access Protocol) library.
%prep
%setup -q
chmod -R u+w .
%patch0 -p1 -b .redhat-ssl-patch
%patch1 -p1 -b .linux-patch
# FIXME: Disabled for 2001a-1 build.. unneeded now?
#%patch2 -p1 -b .vfs-patch
%patch3 -p0 -b .mbox-disable-patch
%patch4 -p1 -b .gssapi-patch
%patch5 -p1 -b .redhat-flock
%patch6 -p1 -b .overflow
%patch8 -p0 -b .redhat-version
%patch9 -p0 -b .boguswarning
# Only apply the time.h patch to 7.x errata builds
%if %{Build_7}
%patch10 -p1 -b .time-patch
%endif
%patch11 -p2 -b .can-2003-0297
%patch12 -p0 -b .CAN-2005-2933_fix
cp %{SOURCE8} src/osdep/unix/
cp %{SOURCE9} .
%build
# Set EXTRACFLAGS here instead of in imap-2000-redhat.patch (#20760)
EXTRACFLAGS="$EXTRACFLAGS -DDISABLE_POP_PROXY=1 -DIGNORE_LOCK_EACCES_ERRORS=1"
EXTRACFLAGS="$EXTRACFLAGS -I/usr/include/openssl"
EXTRACFLAGS="$EXTRACFLAGS -I/usr/kerberos/include"
EXTRALDFLAGS="$EXTRALDFLAGS -L/usr/kerberos/lib"
%ifnarch sparc
make RPM_OPT_FLAGS="$RPM_OPT_FLAGS -fPIC" lnp \
%else
make RPM_OPT_FLAGS="" lnp \
%endif
EXTRACFLAGS="$EXTRACFLAGS" \
EXTRALDFLAGS="$EXTRALDFLAGS" \
EXTRAAUTHENTICATORS=gss \
SSLTYPE=unix \
# This line needs to be here.
%install
rm -rf $RPM_BUILD_ROOT
mkdir -p $RPM_BUILD_ROOT%{_mandir}/man8
install -m 644 ./src/ipopd/ipopd.8c $RPM_BUILD_ROOT%{_mandir}/man8/ipopd.8c
install -m 644 ./src/imapd/imapd.8c $RPM_BUILD_ROOT%{_mandir}/man8/imapd.8c
mkdir -p $RPM_BUILD_ROOT%{_sbindir}
install -s -m 755 ./ipopd/ipop2d $RPM_BUILD_ROOT%{_sbindir}
install -s -m 755 ./ipopd/ipop3d $RPM_BUILD_ROOT%{_sbindir}
install -s -m 755 ./imapd/imapd $RPM_BUILD_ROOT%{_sbindir}
mkdir -p $RPM_BUILD_ROOT/etc/pam.d
%if %{Build_7}
install -m 644 ${RPM_SOURCE_DIR}/imap.pamd $RPM_BUILD_ROOT/etc/pam.d/imap
install -m 644 ${RPM_SOURCE_DIR}/imap.pamd $RPM_BUILD_ROOT/etc/pam.d/pop
%else
install -m 644 ${RPM_SOURCE_DIR}/imap.pamd.6 $RPM_BUILD_ROOT/etc/pam.d/imap
install -m 644 ${RPM_SOURCE_DIR}/imap.pamd.6 $RPM_BUILD_ROOT/etc/pam.d/pop
%endif
## Install the shared lib
#install -m 755 libimap.so.%{version} $RPM_BUILD_ROOT/usr/lib
#ln -sf libimap.so.%{version} $RPM_BUILD_ROOT/usr/lib/libimap.so
mkdir -p $RPM_BUILD_ROOT%{_libdir}
install -m 644 ./c-client/c-client.a $RPM_BUILD_ROOT%{_libdir}/
ln -s c-client.a $RPM_BUILD_ROOT%{_libdir}/libc-client.a
mkdir -p $RPM_BUILD_ROOT%{_includedir}/imap
install -m 644 ./c-client/*.h $RPM_BUILD_ROOT%{_includedir}/imap
# Added linkage.c to fix (#34658) <mharris>
install -m 644 ./c-client/linkage.c $RPM_BUILD_ROOT%{_includedir}/imap
install -m 644 ./src/osdep/tops-20/shortsym.h $RPM_BUILD_ROOT%{_includedir}/imap
%if %{with_xinetd}
#install service configuration files
mkdir -p $RPM_BUILD_ROOT/etc/xinetd.d/
install -m644 %{SOURCE3} $RPM_BUILD_ROOT/etc/xinetd.d/imap
install -m644 %{SOURCE4} $RPM_BUILD_ROOT/etc/xinetd.d/ipop2
install -m644 %{SOURCE5} $RPM_BUILD_ROOT/etc/xinetd.d/ipop3
install -m644 %{SOURCE6} $RPM_BUILD_ROOT/etc/xinetd.d/imaps
install -m644 %{SOURCE7} $RPM_BUILD_ROOT/etc/xinetd.d/pop3s
%endif
# Generate ghost *.pem files
mkdir -p $RPM_BUILD_ROOT/%{_datadir}/ssl/certs
touch $RPM_BUILD_ROOT/%{_datadir}/ssl/certs/{imapd,ipop3d}.pem
chmod 600 $RPM_BUILD_ROOT/%{_datadir}/ssl/certs/{imapd,ipop3d}.pem
%clean
rm -rf $RPM_BUILD_ROOT
%if %{Build_7}
%post
# This was 'if with_ssl' before, but due to packaging problems with older
# releases handling the logic, I changed it to only happen in 7.x instead
# If no cert, migrate stunnel.pem, or generate a new cert
pushd %{_datadir}/ssl/certs &> /dev/null || :
for CERT in imapd.pem ipop3d.pem ;do
    if [ ! -e $CERT ];then
        if [ -e stunnel.pem ];then
            cp stunnel.pem $CERT &> /dev/null || :
        elif [ -e Makefile ];then
            make $CERT << EOF &> /dev/null || :
--
SomeState
SomeCity
SomeOrganization
SomeOrganizationalUnit
localhost.localdomain
root@localhost.localdomain
EOF
        fi
    fi
done
popd &> /dev/null || :
/sbin/service xinetd reload > /dev/null 2>&1 || :
%endif
%if %{Build_7}
%postun
/sbin/service xinetd reload > /dev/null 2>&1 || :
%endif
%files
%defattr(-,root,root)
%config /etc/pam.d/imap
%config /etc/pam.d/pop
%if %{with_xinetd}
%config(noreplace) /etc/xinetd.d/imap
%config(noreplace) /etc/xinetd.d/ipop2
%config(noreplace) /etc/xinetd.d/ipop3
# These to need to be replaced, or imaps/pop3s will fail after an upgrade
%config /etc/xinetd.d/imaps
%config /etc/xinetd.d/pop3s
%endif
%attr(0600,root,root) %ghost %config(missingok,noreplace) %verify(not md5 size mtime) %{_datadir}/ssl/certs/imapd.pem
%attr(0600,root,root) %ghost %config(missingok,noreplace) %verify(not md5 size mtime) %{_datadir}/ssl/certs/ipop3d.pem
%{_mandir}/man8/ipopd.8c*
%{_mandir}/man8/imapd.8c*
%attr(0755,root,root) %{_sbindir}/ipop2d
%attr(0755,root,root) %{_sbindir}/ipop3d
%attr(0755,root,root) %{_sbindir}/imapd
%doc CPYRIGHT README WARNING README.IMAPS docs/RELNOTES docs/*.txt
%doc docs/CONFIG docs/SSLBUILD
%files devel
%defattr(-,root,root)
%doc docs/*
%{_includedir}/imap
#FIXME: is this c-client.a necessary?
%{_libdir}/c-client.a
%{_libdir}/libc-client.a
%changelog
* Thu Oct 12 2005 Ville Herva <vherva at vianova.fi> 2001a-10.2.legacy
- Added security patch for CAN-2005-2933
* Thu Mar 3 2005 Marc Deslauriers <marcdeslauriers at videotron.ca> 2001a-10.1.legacy
- Added security patch for CAN-2003-0297
* Wed Apr 17 2002 Mike A. Harris <mharris at redhat.com> 2001a-10
- Fixed mbox-disable patch to really disable mbox (#15833)
* Wed Apr 17 2002 Bernhard Rosenkraenzer <bero at redhat.com> 2001a-9
- Fix overflow in rfc822.c (#60818)
* Tue Feb 26 2002 Mike A. Harris <mharris at redhat.com> 2001a-8
- Updated files list, explicitly listing .pem files to attempt to quell
rpmlint warning.
* Tue Feb 26 2002 Mike A. Harris <mharris at redhat.com> 2001a-7
- Rebuilt in new environment
* Wed Feb 13 2002 Mike A. Harris <mharris at redhat.com> 2001a-6
- Put a pam build dependancy back, since pam is used during build, it is
required to be there.
* Sat Jan 26 2002 Florian La Roche <Florian.LaRoche at redhat.de>
- delete /lib/libpam.so BuildPreReq, it does not exist anymore
* Thu Jan 24 2002 Mike A. Harris <mharris at redhat.com> 2001a-4
- Rebuild in new environment as -3 failed for some obscure cryptic reason,
so bumping to -4 to try again.
* Tue Nov 20 2001 Nalin Dahyabhai <nalin at redhat.com> 2001a-2
- Change SPECIALAUTHENTICATORS=ssl to SSLTYPE=unix at build time (the
procedure changed for 2001a
* Tue Nov 20 2001 Mike A. Harris <mharris at redhat.com> 2001a-1
- Updated to imap-2001a
- Removed USERID option from all xinetd config files to fix (#56279)
- Modified all xinetd conf files to use the following log options instead
log_on_success += HOST DURATION
log_on_failure += HOST
- Removed Build_52 target define, and with_ssl, with_ssl_cert, with_krb5
conditionals, as they are no longer needed now because all supported releases
currently support SSL and kerberos.
- Updated imap-2001a-redhat-ssl.patch, imap-2001a-mbox-disable.patch
- Removed imap-2000c-security.patch, and imap-2000c-morefixes.patch as they
are now integrated in 2001a
* Thu Oct 11 2001 Mike A. Harris <mharris at redhat.com> 2000c-17
- Rebuilt with pam auth files for 6.2 errata (1.6.1), and 5.2 errata (1.5.1),
and put master release in rawhide as 2000c-17, so future releases come
from current RPM.
* Tue Jul 24 2001 Mike A. Harris <mharris at redhat.com> 2000c-14
- Removed conditional with_pamauth, and replaced with better solution,
fixing bug (#49604)
- Enabled ghost cert files and cert creation for all SSL builds.
- Removed macro from release tag to allow spec release bumping.
* Sat Jul 21 2001 Mike A. Harris <mharris at redhat.com> 2000c-13
- Add bpr on pam-devel (#49501)
* Thu Jul 19 2001 Mike A. Harris <mharris at redhat.com> 2000c-12
- Enabled file ownership/ghosting of pem files. (#43400)
* Wed Jul 11 2001 Tim Powers <timp at redhat.com> 2000c-11
- rebuilt for 7.x
* Fri Jul 6 2001 Mike A. Harris <mharris at redhat.com> 2000c-10
- Rebuilt in new environment, bumped release numbers to 200c-10,
2000c-1.6.0, 2000c-1.5.0
* Thu Jul 5 2001 Mike A. Harris <mharris at redhat.com> 2000c-9
- Fix for with_pamauth
- Built 2000c-9 for 7.x, 2000c-1.3.6x, 2000c-1.3.5x
* Wed Jun 27 2001 Mike A. Harris <mharris at redhat.com> 2000c-8
- Minor fix to wrap up post and postun in an if block to exclude them from
6.x/5.x builds.
- Built 2000c-8 for 7.x, 2000c-1.2.6x for 6.2 and 2000c-1.2.5x for 5.2
* Sat Jun 23 2001 Mike A. Harris <mharris at redhat.com> 2000c-7
- Disabled complex ghost lines on pem files for errata as it is more of
an enhancement that should wait for a full devel cycle of testing.
* Wed Jun 20 2001 Mike A. Harris <mharris at redhat.com> 2000c-6.13
- Added security fixes from Vincent Danen's imap 4.4 package. (#44321)
- Added conditional code to generate SSL certificates during post-install
- Added the SSL certificate as a ghost config file (conditionally).
- Moved xinetd reload to after end of post install script (#43400)
- ghosted ssl certificate (#43400)
- Fixed bug where imaps/pop3s would fail after an upgrade from old stunnel
based imaps because the xinetd.d/* files were all (noreplace), so the
new old xinetd config file still tried to use stunnel.
* Tue May 22 2001 Mike A. Harris <mharris at redhat.com> 2000c-5
- Changes to specfile to conditionalize with_pamauth, and with_xinetd,
wrapped all relevant parts of specfile with new conditionals, and
added Build_62, and Build_52, along with wrapper ifdef's to preset
the various options based on the build being done.
* Mon May 21 2001 Mike A. Harris <mharris at redhat.com> 2000c-2
- Added post script to migrate stunnel.pem to imapd.pem if the former exists
when installing/upgrading and no imapd.pem exists already.
- Built errata candidate 2000c-2 for RHL 7.x
* Sat May 19 2001 Mike A. Harris <mharris at redhat.com>
- Updated sources to imap-2000c fixing bug ids (20858,25976,40855,41292)
- Updated patches to work with imap-200c (ssl, flock)
- Removed unneeded sparc patch (fixed in 2000c), and patch6
- Include more documentation (*.txt, etc..) in main package
- s/Copyright:/License:/ in specfile
* Thu Apr 5 2001 Mike A. Harris <mharris at redhat.com>
- Added c-client/linkage.c to /usr/include/imap so that applications
built with c-client will be consistent across the distribution.
* Sat Mar 3 2001 Mike A. Harris <mharris at redhat.com>
- Reintegrated my changes from Mar 1 that got lost. -8 release.
* Fri Mar 2 2001 Nalin Dahyabhai <nalin at redhat.com>
- rebuild in new environment
* Thu Mar 1 2001 Mike A. Harris <mharris at redhat.com>
- UNIX compress (.Z) sucks. Converted to bzip2 for a 60% savings (1.1Mb)
- Removed EXTRACFLAGS changes from redhat patch to Makefile, and put
in spec file so it propagates through the build. (#20760)
- Changed license from BSD to "University of Washington's Free-Fork License",
as it is not in fact BSD licenced. See file CPYRIGHT for details.
* Thu Feb 15 2001 Trond Eivind Glomsrød <teg at redhat.com>
- Conflict with cyrus-imapd
* Wed Feb 14 2001 Trond Eivind Glomsrød <teg at redhat.com>
- Make it build
* Mon Nov 20 2000 Nalin Dahyabhai <nalin at redhat.com>
- add some documentation about the SSL server-side support (#20931)
* Mon Oct 31 2000 Nalin Dahyabhai <nalin at redhat.com>
- make SSL and GSS support conditional
- mark as a modified version
- quell error messages about spool directory permissions
* Thu Oct 26 2000 Nalin Dahyabhai <nalin at redhat.com>
- update to 2000 final release and bump epoch to upgrade RCs
- patch to get around bug in compiler on sparc
* Fri Oct 20 2000 Nalin Dahyabhai <nalin at redhat.com>
- update to RC8
* Wed Oct 18 2000 Nalin Dahyabhai <nalin at redhat.com>
- always do a pam_setcred(DELETE) before doing a pam_end()
* Tue Oct 10 2000 Nalin Dahyabhai <nalin at redhat.com>
- switch to internal SSL support instead of using stunnel (#18727)
* Wed Oct 4 2000 Nalin Dahyabhai <nalin at redhat.com>
- update to IMAP 2000 RC7
* Thu Aug 24 2000 Nalin Dahyabhai <nalin at redhat.com>
- update flock() emulation
- ignore dotlock errors because we're all using fcntl() locks
* Wed Aug 23 2000 Nalin Dahyabhai <nalin at redhat.com>
- modify locking to use fcntl() instead of flock() (#15779)
- add simap patches
* Wed Aug 9 2000 Nalin Dahyabhai <nalin at redhat.com>
- disable mbox in top-level makefile, too (#15833)
* Tue Aug 8 2000 Nalin Dahyabhai <nalin at redhat.com>
- rename simap to imaps and spop3 to pop3s
* Tue Jul 18 2000 Bill Nottingham <notting at redhat.com>
- add description & default to xinetd file
* Thu Jul 13 2000 Prospector <bugzilla at redhat.com>
- automatic rebuild
* Mon Jul 10 2000 Nalin Dahyabhai <nalin at redhat.com>
- disable the mbox driver, which is counter-intuitive
- add xinetd control files for imaps and pop3s for use with stunnel
* Thu Jul 6 2000 Nalin Dahyabhai <nalin at redhat.com>
- don't shut down xinetd on uninstall
- use xinetd's reload, not condrestart
- add chkconfig comments to xinetd config file
- reload xinetd even if all copies of imapd will be gone
- mark xinetd config files as noreplace
* Tue Jul 4 2000 Florian La Roche <Florian.LaRoche at redhat.com>
- change scripts
* Mon Jul 3 2000 Nalin Dahyabhai <nalin at redhat.com>
- add "Requires: xinetd" (#11837)
* Tue Jun 27 2000 Nalin Dahyabhai <nalin at redhat.com>
- update to 4.7c2
- condrestart xinetd in post and postun
* Sat Jun 17 2000 Nalin Dahyabhai <nalin at redhat.com>
- disable by default
- FHS fixes
- add defattr to -devel subpackage
- add libc-client.a symlink to %{_libdir}
* Thu Jun 1 2000 Nalin Dahyabhai <nalin at redhat.com>
- modify PAM setup to use system-auth
* Mon May 22 2000 Trond Eivind Glomsrød <teg at redhat.com>
- Now uses xinetd
* Wed Apr 5 2000 Bill Nottingham <notting at redhat.com>
- remove explict krb5-configs dependency
* Sun Mar 26 2000 Florian La Roche <Florian.LaRoche at redhat.com>
- change root:mail -> root:root
* Wed Mar 1 2000 Nalin Dahyabhai <nalin at redhat.com>
- make kerberos support conditional at build-time
* Wed Mar 1 2000 Bill Nottingham <notting at redhat.com>
- integrate kerberos support into main tree
* Thu Feb 03 2000 Cristian Gafton <gafton at redhat.com>
- fix group
- fix description
- man pages are compressed
* Thu Jan 13 2000 Preston Brown <pbrown at redhat.com>
- create static library in a subpackage 'devel' (#5098)
* Thu Jun 10 1999 Dale Lovelace <dale at redhat.com>
- add -fPIC option for sparc mod_php3 problems
* Fri Apr 09 1999 Cristian Gafton <gafton at redhat.com>
- ipop3d service name was changed to "pop" now. Clearly somebody that hasn't
got a clue about PAM stuff is messing around with the source.
* Sun Mar 21 1999 Cristian Gafton <gafton at redhat.com>
- auto rebuild in the new build environment (release 2)
* Sat Mar 13 1999 Cristian Gafton <gafton at redhat.com>
- verson 4.5
- loose the noflock patch
* Thu Dec 17 1998 Cristian Gafton <gafton at redhat.com>
- added a -vfs patch because sys/statvfs on glibc 2.1 is different from what
is available on the sun...
- build against glibc 2.1
* Fri Sep 11 1998 Jeff Johnson <jbj at redhat.com>
- use only fcntl locking.
* Thu Sep 10 1998 Jeff Johnson <jbj at redhat.com>
- update to 4.4.
- removed g+s bit to imapd.
* Wed Jul 22 1998 Jeff Johnson <jbj at redhat.com>
- updated to 4.2.
- added g+s bit to imapd so that lock files can be created.
* Thu May 07 1998 Prospector System <bugs at redhat.com>
- translations modified for de, fr, tr
* Wed Apr 08 1998 Cristian Gafton <gafton at redhat.com>
- Updated to the latest imap as of today...
* Wed Dec 10 1997 Cristian Gafton <gafton at redhat.com>
- Updated to the latest imap as of today...
- Updated the pam patch to reflect the new directory organization
* Thu Oct 23 1997 Michael K. Johnson <johnsonm at redhat.com>
- Fix patch for new PAM spec compliance.
* Thu Oct 02 1997 Michael K. Johnson <johnsonm at redhat.com>
- Comply with change in PAM spec.
- Use a buildroot.
* Mon Mar 03 1997 Michael K. Johnson <johnsonm at redhat.com>
- Moved from pam.conf to pam.d
* Mon Mar 03 1997 Erik Troan <ewt at redhat.com>
- Fixed buffer overrun in server_login().
-------------- next part --------------
Fixes CAN-2005-2933
See
http://www.idefense.com/application/poi/display?id=313&type=vulnerabilities&flashstatus=false
http://www.linuxsecurity.com/content/view/120575
Modified from the mail.c patch at
http://www.idefense.com/application/poi/display?id=313&type=vulnerabilities&flashstatus=false
--- src/c-client/mail.c.orig Tue Nov 13 21:29:07 2001
+++ src/c-client/mail.c Wed Oct 12 10:28:58 2005
@@ -587,8 +587,10 @@
if (c == '=') { /* parse switches which take arguments */
if (*t == '"') { /* quoted string? */
for (v = arg,i = 0,++t; (c = *t++) != '"';) {
+ if (!c) return NIL; /* unterminated string [CAN-2005-2933] */
/* quote next character */
if (c == '\\') c = *t++;
+ if (!c) return NIL; /* can't quote NUL either [CAN-2005-2933] */
arg[i++] = c;
}
c = *t++; /* remember delimiter for later */
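Review bot: in the quoted-string loop, the second added `if (!c) return NIL;` sits after `if (c == '\\') c = *t++;` and so runs on every character, although only the escape path can read a new NUL at that point. Tying it to the escape, for example `if (c == '\\' && !(c = *t++)) return NIL;`, says what is being guarded and avoids a redundant test. The store `arg[i++] = c;` is still unbounded in the lines shown, so before shipping this backport it is worth confirming against the 2001a source that `arg` cannot be shorter than the input being copied, and adding an explicit limit on `i` if that is not guaranteed.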