packages/dovecot
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

fix CVE-2015-3420 CVE-2016-8652

Browse Source
This commit is contained in:
gu-gu-gu 2020-03-16 18:11:29 +08:00
parent b2a7ca6e05
commit 72d3f1c94f
3 changed files with 47 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

11
CVE-2015-3420.patch Normal file
View File

@ -0,0 +1,11 @@
diff -r 27ee6a472555 src/lib/strnum.h
--- a/src/lib/strnum.h Tue Dec 08 15:47:28 2015 +0200
+++ b/src/lib/strnum.h Wed Dec 09 10:54:49 2015 +0200
@@ -169,6 +169,7 @@
int str_parse_uoff(const char *str, uoff_t *num_r,
const char **endp_r) ATTR_WARN_UNUSED_RESULT ATTR_NULL(3);
+#define str_to_time str_to_time_no_collision
int str_to_time(const char *str, time_t *num_r)
ATTR_WARN_UNUSED_RESULT;

27
CVE-2016-8652.patch Normal file
View File

@ -0,0 +1,27 @@
From 1f2c35da2b96905bec6e45f88af0f33ee63789e6 Mon Sep 17 00:00:00 2001
From: Aki Tuomi <aki.tuomi@dovecot.fi>
Date: Wed, 23 Nov 2016 13:16:19 +0200
Subject: [PATCH] auth: Fix auth-policy crash when username is NULL
If SASL request is invalid, or incomplete, and username
is left NULL, handle it gracefully by adding just
NUL byte in auth policy digest for username.
---
src/auth/auth-policy.c | 5 ++++-
1 file changed, 4 insertions(+), 1 deletion(-)
diff -Nur dovecot-2.3.3_old/src/auth/auth-policy.c dovecot-2.3.3/src/auth/auth-policy.c
--- dovecot-2.3.3_old/src/auth/auth-policy.c 2020-03-16 17:38:38.308283675 +0800
+++ dovecot-2.3.3/src/auth/auth-policy.c 2020-03-16 17:42:41.873103352 +0800
@@ -466,7 +466,10 @@
else
requested_username = "";
/* use +1 to make sure \0 gets included */
- digest->loop(ctx, requested_username, strlen(requested_username)+1);
+ if (context->request->user == NULL)
+ digest->loop(ctx, "\0", 1);
+ else
+ digest->loop(ctx, context->request->user, strlen(context->request->user) + 1);
if (password != NULL)
digest->loop(ctx, password, strlen(password));
ptr = buffer_get_modifiable_data(buffer, NULL);

10
dovecot.spec
View File

@ -6,7 +6,7 @@
Name: dovecot Name: dovecot
Version: 2.3.3 Version: 2.3.3
Release: 4 Release: 5
Summary: Dovecot Secure imap server Summary: Dovecot Secure imap server
License: MIT and LGPLv2 License: MIT and LGPLv2
URL: http://www.dovecot.org/ URL: http://www.dovecot.org/
@ -28,6 +28,8 @@ Patch6005: CVE-2019-10691.patch
Patch6006: CVE-2019-11494-1.patch Patch6006: CVE-2019-11494-1.patch
Patch6007: CVE-2019-11494-2.patch Patch6007: CVE-2019-11494-2.patch
Patch6008: CVE-2019-11499.patch Patch6008: CVE-2019-11499.patch
Patch6009: CVE-2015-3420.patch
Patch6010: CVE-2016-8652.patch
BuildRequires: gcc-c++ openssl-devel pam-devel zlib-devel bzip2-devel libcap-devel BuildRequires: gcc-c++ openssl-devel pam-devel zlib-devel bzip2-devel libcap-devel
BuildRequires: libtool autoconf automake pkgconfig sqlite-devel libpq-devel BuildRequires: libtool autoconf automake pkgconfig sqlite-devel libpq-devel
@ -278,5 +280,11 @@ make check
%changelog %changelog
* Sun Mar 16 2020 gulining<gulining1@huawei.com> - 2.3.3-5
- Type:cves
- ID:CVE-2015-3420 CVE-2016-8652
- SUG:restart
- DESC:fix CVE-2015-3420 CVE-2016-8652
* Mon Dec 2 2019 wangzhishun <wangzhishun1@huawei.com> - 2.3.3-4 * Mon Dec 2 2019 wangzhishun <wangzhishun1@huawei.com> - 2.3.3-4
- Package init - Package init