From 67aeae35425008834be5df10894e51aa5127303c Mon Sep 17 00:00:00 2001 From: Matthias Andree Date: Thu, 6 May 2010 11:13:47 +0200 Subject: Fix history date in fetchmail-SA-2010-02.txt. --- fetchmail-SA-2010-02.txt | 44 +++++++++++++++++--------------------------- 1 file changed, 17 insertions(+), 27 deletions(-) (limited to 'fetchmail-SA-2010-02.txt') diff --git a/fetchmail-SA-2010-02.txt b/fetchmail-SA-2010-02.txt index 7d5c0bac..61c5fc6e 100644 --- a/fetchmail-SA-2010-02.txt +++ b/fetchmail-SA-2010-02.txt @@ -1,6 +1,3 @@ ------BEGIN PGP SIGNED MESSAGE----- -Hash: SHA1 - fetchmail-SA-2010-02: Denial of service in debug mode w/ multichar locales Topics: Denial of service in debug output @@ -40,7 +37,7 @@ Corrected: 2010-04-24 Git, required commits: 2010-04-20 0.3 add CVE name, fix Type: 2010-04-24 0.4 revise patch 2010-04-29 0.5 add info on contributing/mitigating factors -2010-06-05 1.0 complete +2010-05-06 1.0 complete 1. Background @@ -134,7 +131,7 @@ so try this if the patch does not apply. diff --git a/rfc822.c b/rfc822.c index 6f2dbf3..dbcda32 100644 -- --- a/rfc822.c +--- a/rfc822.c +++ b/rfc822.c @@ -25,6 +25,7 @@ MIT license. Compile with -DMAIN to build the demonstrator. #include @@ -148,9 +145,9 @@ index 6f2dbf3..dbcda32 100644 } #ifndef MAIN -- - if (outlevel >= O_DEBUG) -- - report_build(stdout, GT_("About to rewrite %.*s...\n"), -- - (int)BEFORE_EOL(buf), buf); +- if (outlevel >= O_DEBUG) +- report_build(stdout, GT_("About to rewrite %.*s...\n"), +- (int)BEFORE_EOL(buf), buf); + if (outlevel >= O_DEBUG) { + report_build(stdout, GT_("About to rewrite %s...\n"), (cp = sdump(buf, BEFORE_EOL(buf)))); + xfree(cp); 
@@ -162,9 +159,9 @@ index 6f2dbf3..dbcda32 100644 } #ifndef MAIN -- - if (outlevel >= O_DEBUG) -- - report_complete(stdout, GT_("...rewritten version is %.*s.\n"), -- - (int)BEFORE_EOL(buf), buf); +- if (outlevel >= O_DEBUG) +- report_complete(stdout, GT_("...rewritten version is %.*s.\n"), +- (int)BEFORE_EOL(buf), buf); + if (outlevel >= O_DEBUG) { + report_complete(stdout, GT_("...rewritten version is %s.\n"), + (cp = sdump(buf, BEFORE_EOL(buf)))); @@ -176,7 +173,7 @@ index 6f2dbf3..dbcda32 100644 return(buf); diff --git a/uid.c b/uid.c index fdc6f5d..9a62ee2 100644 -- --- a/uid.c +--- a/uid.c +++ b/uid.c @@ -20,6 +20,7 @@ @@ -190,8 +187,8 @@ index fdc6f5d..9a62ee2 100644 { report_build(stdout, GT_("Old UID list from %s:"), ctl->server.pollname); -- - for (idp = ctl->oldsaved; idp; idp = idp->next) -- - report_build(stdout, " %s", idp->id); +- for (idp = ctl->oldsaved; idp; idp = idp->next) +- report_build(stdout, " %s", idp->id); + for (idp = ctl->oldsaved; idp; idp = idp->next) { + char *t = sdump(idp->id, strlen(idp->id)); + report_build(stdout, " %s", t); @@ -204,8 +201,8 @@ index fdc6f5d..9a62ee2 100644 if (uidlcount) { report_build(stdout, GT_("Scratch list of UIDs:")); -- - for (idp = scratchlist; idp; idp = idp->next) -- - report_build(stdout, " %s", idp->id); +- for (idp = scratchlist; idp; idp = idp->next) +- report_build(stdout, " %s", idp->id); + for (idp = scratchlist; idp; idp = idp->next) { + char *t = sdump(idp->id, strlen(idp->id)); + report_build(stdout, " %s", t); 
@@ -218,8 +215,8 @@ index fdc6f5d..9a62ee2 100644 report_build(stdout, GT_("Merged UID list from %s:"), ctl->server.pollname); else report_build(stdout, GT_("New UID list from %s:"), ctl->server.pollname); -- - for (idp = dofastuidl ? ctl->oldsaved : ctl->newsaved; idp; idp = idp->next) -- - report_build(stdout, " %s = %d", idp->id, idp->val.status.mark); +- for (idp = dofastuidl ? ctl->oldsaved : ctl->newsaved; idp; idp = idp->next) +- report_build(stdout, " %s = %d", idp->id, idp->val.status.mark); + for (idp = dofastuidl ? ctl->oldsaved : ctl->newsaved; idp; idp = idp->next) { + char *t = sdump(idp->id, strlen(idp->id)); + report_build(stdout, " %s = %d", t, idp->val.status.mark); @@ -232,8 +229,8 @@ index fdc6f5d..9a62ee2 100644 /* this is now a merged list! the mails which were seen in this * poll are marked here. */ report_build(stdout, GT_("Merged UID list from %s:"), ctl->server.pollname); -- - for (idp = ctl->oldsaved; idp; idp = idp->next) -- - report_build(stdout, " %s = %d", idp->id, idp->val.status.mark); +- for (idp = ctl->oldsaved; idp; idp = idp->next) +- report_build(stdout, " %s = %d", idp->id, idp->val.status.mark); + for (idp = ctl->oldsaved; idp; idp = idp->next) { + char *t = sdump(idp->id, strlen(idp->id)); + report_build(stdout, " %s = %d", t, idp->val.status.mark); @@ -242,10 +239,3 @@ index fdc6f5d..9a62ee2 100644 if (!idp) report_build(stdout, GT_(" ")); report_complete(stdout, "\n"); ------BEGIN PGP SIGNATURE----- -Version: GnuPG v2.0.12 (GNU/Linux) - -iEYEARECAAYFAkvicswACgkQvmGDOQUufZVq9wCg9j3yrW+aMQs9kMh5mTT8xPO0 -w+MAoJm8g5AlDCwoi2jdmziqlO7/zBxx -=WEJ3 ------END PGP SIGNATURE----- -- cgit v1.2.3
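Review bot: The last hunk (`@@ -242,10 +239,3 @@`) deletes the PGP signature block and the first hunk (`@@ -1,6 +1,3 @@`) deletes the `BEGIN PGP SIGNED MESSAGE` header, so the advisory that the history line now marks `1.0 complete` is stored with no signature, while the subject line mentions only the date fix. Dropping the old signature is correct, since it would no longer verify once the date and the dash-escaped patch lines change, but the commit message should say so, for example with a body line such as `Strip stale clearsign wrapper; re-sign before publication.` Presumably a freshly signed copy is produced at release time; if it is not, readers who apply the embedded rfc822.c and uid.c patch from this file have nothing to verify it against.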