dovecot: add another patch for CVE-2017-15132
This commit is contained in:
parent
3ea797e65e
commit
b904f3e24d
@ -1,3 +1,4 @@
|
||||
a1a5efc13766e3b2d0a154e9716f0f7a CVE-2017-15132-1.patch
|
||||
f043e0bb2773cd38f74ada8c164524a6 CVE-2017-15132.patch
|
||||
ec342928dd97131f82dba41546741b5f dovecot
|
||||
a8802617ddf68972f5f97bd8677e5856 dovecot-2.3.0.tar.gz
|
||||
|
@ -1,8 +1,9 @@
|
||||
untrusted comment: verify with /etc/ports/opt.pub
|
||||
RWSE3ohX2g5d/SihfglHd/nyxWOIuJQMl+JGBQBCDkigF+pqp87P7EyBt9dC8e7bvYN/L5VAH5T1yYeOkiDQPNnRAogyCZk8qww=
|
||||
SHA256 (Pkgfile) = 0bedafa60b3e7d7db93c113f28760308b77cdda87756884c0bf391f2b02c6a05
|
||||
RWSE3ohX2g5d/SkROei+JVsseDKn6SIUNsjxW4JVhAKiDa6r4HZW5ka8HbQjpy6OBAAyHGpg/+/NM5m9pchHJcjlYyFH2k1VXQs=
|
||||
SHA256 (Pkgfile) = f325affa0506d8e0a7f7ac40e81503af99fa2ee54a3a8c38a76205de6e8e396b
|
||||
SHA256 (.footprint) = d464c6eb14ad58ab166c901d6c1a6f66a010f3e934f3b1645a9cd20d24663b4b
|
||||
SHA256 (dovecot-2.3.0.tar.gz) = de60cb470d025e4dd0f8e8fbbb4b9316dfd4930eb949d307330669ffbeaf8581
|
||||
SHA256 (CVE-2017-15132.patch) = ddbfdb187e1e763aa10364e57ed82bd37d264d66ed01559a7dbdeccb9f41e91f
|
||||
SHA256 (CVE-2017-15132-1.patch) = 480980136322c3361ab334346218504397668df49d66afef0bca70b7e4d40fae
|
||||
SHA256 (dovecot-config.patch) = a6f09e637f1ac15368d2d18736dc353e4a188959c5940dedd5306b689156e91c
|
||||
SHA256 (dovecot) = ead06d36290cca8be6be350f2c05edf53a4e9ce8aec5d5d663b1162ae96c17c7
|
||||
|
57
dovecot/CVE-2017-15132-1.patch
Normal file
57
dovecot/CVE-2017-15132-1.patch
Normal file
@ -0,0 +1,57 @@
|
||||
From a9b135760aea6d1790d447d351c56b78889dac22 Mon Sep 17 00:00:00 2001
|
||||
From: Aki Tuomi <aki.tuomi@dovecot.fi>
|
||||
Date: Fri, 26 Jan 2018 10:55:54 +0200
|
||||
Subject: [PATCH] lib-auth: Remove request after abort
|
||||
|
||||
Otherwise the request will still stay in hash table
|
||||
and get dereferenced when all requests are aborted
|
||||
causing an attempt to access free'd memory.
|
||||
|
||||
Found by Apollon Oikonomopoulos <apoikos@debian.org>
|
||||
|
||||
Broken in 1a29ed2f96da1be22fa5a4d96c7583aa81b8b060
|
||||
---
|
||||
src/lib-auth/auth-client-request.c | 2 ++
|
||||
src/lib-auth/auth-server-connection.c | 7 +++++++
|
||||
src/lib-auth/auth-server-connection.h | 2 ++
|
||||
3 files changed, 11 insertions(+)
|
||||
|
||||
diff --git a/src/lib-auth/auth-client-request.c b/src/lib-auth/auth-client-request.c
|
||||
index 046f7c307d..f6d0290a13 100644
|
||||
--- a/src/lib-auth/auth-client-request.c
|
||||
+++ b/src/lib-auth/auth-client-request.c
|
||||
@@ -186,6 +186,8 @@ void auth_client_request_abort(struct auth_client_request **_request)
|
||||
|
||||
auth_client_send_cancel(request->conn->client, request->id);
|
||||
call_callback(request, AUTH_REQUEST_STATUS_ABORT, NULL, NULL);
|
||||
+ /* remove the request */
|
||||
+ auth_server_connection_remove_request(request->conn, request->id);
|
||||
pool_unref(&request->pool);
|
||||
}
|
||||
|
||||
diff --git a/src/lib-auth/auth-server-connection.c b/src/lib-auth/auth-server-connection.c
|
||||
index 9d65450fb3..7eea061cad 100644
|
||||
--- a/src/lib-auth/auth-server-connection.c
|
||||
+++ b/src/lib-auth/auth-server-connection.c
|
||||
@@ -483,3 +483,10 @@ auth_server_connection_add_request(struct auth_server_connection *conn,
|
||||
hash_table_insert(conn->requests, POINTER_CAST(id), request);
|
||||
return id;
|
||||
}
|
||||
+
|
||||
+void auth_server_connection_remove_request(struct auth_server_connection *conn,
|
||||
+ unsigned int id)
|
||||
+{
|
||||
+ i_assert(conn->handshake_received);
|
||||
+ hash_table_remove(conn->requests, POINTER_CAST(id));
|
||||
+}
|
||||
diff --git a/src/lib-auth/auth-server-connection.h b/src/lib-auth/auth-server-connection.h
|
||||
index 179b5dbd4c..c2c533a41d 100644
|
||||
--- a/src/lib-auth/auth-server-connection.h
|
||||
+++ b/src/lib-auth/auth-server-connection.h
|
||||
@@ -40,4 +40,6 @@ void auth_server_connection_disconnect(struct auth_server_connection *conn,
|
||||
unsigned int
|
||||
auth_server_connection_add_request(struct auth_server_connection *conn,
|
||||
struct auth_client_request *request);
|
||||
+void auth_server_connection_remove_request(struct auth_server_connection *conn,
|
||||
+ unsigned int id);
|
||||
#endif
|
@ -5,15 +5,16 @@
|
||||
|
||||
name=dovecot
|
||||
version=2.3.0
|
||||
release=2
|
||||
release=3
|
||||
source=(https://dovecot.org/releases/2.3/$name-$version.tar.gz
|
||||
CVE-2017-15132.patch
|
||||
CVE-2017-15132.patch CVE-2017-15132-1.patch
|
||||
dovecot-config.patch dovecot)
|
||||
|
||||
build () {
|
||||
cd $name-ce-$version
|
||||
|
||||
patch -p1 -i $SRC/CVE-2017-15132.patch
|
||||
patch -p1 -i $SRC/CVE-2017-15132-1.patch
|
||||
patch -p1 -i $SRC/$name-config.patch
|
||||
|
||||
./configure --prefix=/usr \
|
||||
|
Loading…
x
Reference in New Issue
Block a user