!26 Resolve fuzz-test about ABRT error

From: @maminjie Reviewed-by: @zhanghua1831,@small_leek Signed-off-by: @small_leek
2021-03-27 15:01:39 +08:00 · 2021-03-27 15:01:39 +08:00 · de72414715
commit de72414715
parent f99118c546 4818cd70f5
3 changed files with 73 additions and 1 deletions
--- a/0001-Fix-bugs-in-smtp-server.patch
+++ b/0001-Fix-bugs-in-smtp-server.patch
@ -0,0 +1,40 @@
+From a215a7d1a1c5eab40f6896fc07931a81d5504f18 Mon Sep 17 00:00:00 2001
+From: maminjie <maminjie1@huawei.com>
+Date: Sat, 27 Mar 2021 11:18:23 +0800
+Subject: [PATCH] Fix bugs in smtp server
+
+reference to: https://github.com/dovecot/core/pull/120
+---
+ src/lib-smtp/smtp-server-cmd-data.c | 2 +-
+ src/lib-smtp/smtp-server-cmd-helo.c | 2 +-
+ 2 files changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/src/lib-smtp/smtp-server-cmd-data.c b/src/lib-smtp/smtp-server-cmd-data.c
+index 2650643..a7db425 100644
+--- a/src/lib-smtp/smtp-server-cmd-data.c
+++ b/src/lib-smtp/smtp-server-cmd-data.c
+@@ -654,7 +654,7 @@ void smtp_server_cmd_bdat(struct smtp_server_cmd_ctx *cmd,
+ 		}
+ 	}
+ 
+-	if (ret > 0 || size > 0) {
+	if (ret > 0 || (size > 0 && conn->smtp_parser)) {
+ 		/* read/skip data even in case of error, as long as size is
+ 		   known */
+ 		input = smtp_command_parse_data_with_size(conn->smtp_parser,
+diff --git a/src/lib-smtp/smtp-server-cmd-helo.c b/src/lib-smtp/smtp-server-cmd-helo.c
+index 330ceaa..40ba328 100644
+--- a/src/lib-smtp/smtp-server-cmd-helo.c
+++ b/src/lib-smtp/smtp-server-cmd-helo.c
+@@ -155,7 +155,7 @@ smtp_server_cmd_ehlo_reply_create(struct smtp_server_cmd_ctx *cmd)
+ 	unsigned int extra_caps_count, i, j;
+ 	struct smtp_server_reply *reply;
+ 
+-	i_assert(cmd->cmd->reg->func == smtp_server_cmd_ehlo);
+	i_assert(cmd->cmd->reg->func == smtp_server_cmd_ehlo || cmd->cmd->reg->func == smtp_server_cmd_helo);
+ 	reply = smtp_server_reply_create_ehlo(cmd->cmd);
+ 
+ 	if (helo_data->helo.old_smtp)
+-- 
+2.23.0
+
--- a/0002-Fix-assert-crash-if-parsing-invalid-BODYSTRUCTURE.patch
+++ b/0002-Fix-assert-crash-if-parsing-invalid-BODYSTRUCTURE.patch
@ -0,0 +1,27 @@
+From c4c499cb5b9fc35e8b850a9faf6b700feb3b299f Mon Sep 17 00:00:00 2001
+From: maminjie <maminjie1@huawei.com>
+Date: Sat, 27 Mar 2021 11:55:31 +0800
+Subject: [PATCH] Fix assert-crash if parsing invalid BODYSTRUCTURE with empty
+ Content-Language list
+
+reference to: https://github.com/dovecot/core/commit/dd51ae09a8a688c8466e31d5b6108756d5154153
+---
+ src/lib-imap/imap-bodystructure.c | 2 ++
+ 1 file changed, 2 insertions(+)
+
+diff --git a/src/lib-imap/imap-bodystructure.c b/src/lib-imap/imap-bodystructure.c
+index a2d778f..b52af28 100644
+--- a/src/lib-imap/imap-bodystructure.c
+++ b/src/lib-imap/imap-bodystructure.c
+@@ -245,6 +245,8 @@ imap_bodystructure_strlist_parse(const struct imap_arg *arg,
+ 	} else {
+ 		if (!imap_arg_get_list_full(arg, &list_args, &list_count))
+ 			return -1;
+        if (list_count == 0)
+            return -1;
+ 
+ 		list = p_new(pool, const char *, list_count+1);
+ 		for (i = 0; i < list_count; i++) {
+-- 
+2.23.0
+
--- a/dovecot.spec
+++ b/dovecot.spec
@ -6,7 +6,7 @@

 Name:          dovecot
 Version:       2.3.10.1
-Release:       5
+Release:       6
 Summary:       Dovecot Secure imap server
 License:       MIT and LGPLv2.1
 URL:           http://www.dovecot.org/
@ -38,6 +38,8 @@ Patch6011:     CVE-2020-12100-2.patch
 Patch6012:     CVE-2020-25275-1.patch
 Patch6013:     CVE-2020-25275-2.patch
 Patch6014:     CVE-2020-24386.patch
+Patch6015:     0001-Fix-bugs-in-smtp-server.patch
+Patch6016:     0002-Fix-assert-crash-if-parsing-invalid-BODYSTRUCTURE.patch

 BuildRequires: gcc-c++ openssl-devel pam-devel zlib-devel bzip2-devel libcap-devel
 BuildRequires: libtool autoconf automake pkgconfig sqlite-devel libpq-devel
@ -289,6 +291,9 @@ make check


 %changelog
+* Sat Mar 27 2021 maminjie <maminjie1@huawei.com> - 2.3.10.1-6
+- Resolve fuzz-test about ABRT error
+
 * Fri Feb 5 2021 wangyue <wangyue92@huawei.com> - 2.3.10.1-5
 - Fix CVE-2020-25275 CVE-2020-24386