packages/libesmtp
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

libesmtp: fix CVE-2019-19977

Browse Source
This commit is contained in:
Vchanger 2020-04-20 14:39:15 +08:00
parent 885db6b94a
commit 14d3517f17
2 changed files with 77 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

69
CVE-2019-19977.patch Normal file
View File

@ -0,0 +1,69 @@
From 9fc96e9f52b6b8ca67463289cde6d50b3d5911f9 Mon Sep 17 00:00:00 2001
From: liaichun <liaichun@huawei.com>
Date: Mon, 20 Apr 2020 14:35:35 +0800
Subject: [PATCH] remove ntlm_build_type_2 to fix CVE-2019-19977
---
ntlm/ntlm.h | 2 --
ntlm/ntlmstruct.c | 32 --------------------------------
2 files changed, 34 deletions(-)
diff --git a/ntlm/ntlm.h b/ntlm/ntlm.h
index 50a49d6..d5dae83 100644
--- a/ntlm/ntlm.h
+++ b/ntlm/ntlm.h
@@ -35,8 +35,6 @@ void ntlm_responses (unsigned char *lm_resp, unsigned char *nt_resp,
size_t ntlm_build_type_1 (char *buf, size_t buflen, unsigned int flags,
const char *domain, const char *workstation);
-size_t ntlm_build_type_2 (char *buf, size_t buflen, unsigned int flags,
- const unsigned char *nonce, const char *domain);
size_t ntlm_build_type_3 (char *buf, size_t buflen,
unsigned int flags,
const unsigned char *lm_resp,
diff --git a/ntlm/ntlmstruct.c b/ntlm/ntlmstruct.c
index dfb80de..3167da7 100644
--- a/ntlm/ntlmstruct.c
+++ b/ntlm/ntlmstruct.c
@@ -218,38 +218,6 @@ ntlm_build_type_1 (char *buf, size_t buflen, unsigned int flags,
return offset;
}
-/* Build a NTLM type 2 structure in the buffer */
-size_t
-ntlm_build_type_2 (char *buf, size_t buflen, unsigned int flags,
- const unsigned char *nonce, const char *domain)
-{
- size_t offset = T2SIZE;
- size_t len;
- char string[256];
- unsigned char *up;
-
- if (buflen < offset)
- return 0;
- memcpy (buf, NTLMSSP, 8);
- write_uint32 (buf, MSGTYPE, 2);
- up = NULL;
- len = 0;
- if (domain != NULL)
- {
- len = strlen (domain);
- if (offset + 2 * len > buflen)
- return 0;
- up = nt_unicode (lm_uccpy (string, len, domain), 2 * len);
- }
- write_string (buf, T2AUTHTARGET, &offset, up, len);
- if (up != NULL)
- free (up);
- write_uint32 (buf, T2FLAGS, flags);
- memcpy (buf + T2NONCE, nonce, 8);
- memset (buf + T2RESERVED, 0, 8);
- return offset;
-}
-
/* Build a NTLM type 3 structure in the buffer */
size_t
ntlm_build_type_3 (char *buf, size_t buflen, unsigned int flags,
--
1.8.3.1

9
libesmtp.spec
View File

@ -2,13 +2,14 @@
Name: libesmtp
Version: 1.0.6
Release: 18
Release: 19
Summary: A library for posting electronic mail
License: LGPLv2+
URL: https://www.stafford.uklinux.net/%{name}/
Source: https://www.stafford.uklinux.net/%{name}/%{name}-%{version}.tar.bz2
Patch0: libesmtp-1.0.6-openssl-1.1.patch
Patch1: CVE-2019-19977.patch
BuildRequires: gcc openssl-devel pkgconfig autoconf automake libtool
%description
@ -93,6 +94,12 @@ install -p -m 644 -D %{name}.pc %{buildroot}%{_libdir}/pkgconfig/%{name}.pc
%doc NEWS Notes README
%changelog
* Mon Apr 20 2020 openEuler Buildteam <buildteam@openeuler.org> - 1.0.6-19
- Type:cves
- ID:CVE-2019-19977
- SUG:NA
- DESC:remove ntlm_build_type_2() to fix CVE-2019-19977
* Mon Oct 21 2019 openEuler Buildteam <buildteam@openeuler.org> - 1.0.6-18
- Type:enhancement
- Id:NA