rpms / dovecot

Clone
Source Code
GIT

Blame SOURCES/dovecot-2.3.8-CVE_2020_12100prereq.patch

c4 c5 c5-plus c6 c6-plus c7 c7-aarch64 c7-alt c7-beta c7-ppc64le c8 c8-beta c8s c9 c9-beta
  1.   7f3edca6d99b315a64b0d4519fc5f02dab58ec94
  2.   SOURCES
  3.   dovecot-2.3.8-CVE_2020_12100prereq.patch
Blob History Raw
5be1f1 
diff -up dovecot-2.2.36/src/lib/array.h.CVE_2020_12100prereq dovecot-2.2.36/src/lib/array.h
5be1f1 
--- dovecot-2.2.36/src/lib/array.h.CVE_2020_12100prereq	2018-04-30 15:52:05.000000000 +0200
5be1f1 
+++ dovecot-2.2.36/src/lib/array.h	2020-08-09 20:22:36.326347911 +0200
5be1f1 
@@ -219,6 +219,15 @@ array_idx_i(const struct array *array, u
5be1f1 
 	i_assert(idx * array->element_size < array->buffer->used);
5be1f1 
 	return CONST_PTR_OFFSET(array->buffer->data, idx * array->element_size);
5be1f1 
 }
5be1f1 
+
5be1f1 
+#define array_front(array) array_idx(array, 0)
5be1f1 
+#define array_front_modifiable(array) array_idx_modifiable(array, 0)
5be1f1 
+#define array_back(array) array_idx(array, array_count(array)-1)
5be1f1 
+#define array_back_modifiable(array) array_idx_modifiable(array, array_count(array)-1)
5be1f1 
+#define array_pop_back(array) array_delete(array, array_count(array)-1, 1);
5be1f1 
+#define array_push_back(array, item) array_append(array, (item), 1)
5be1f1 
+#define array_pop_front(array) array_delete(array, 0, 1)
5be1f1 
+#define array_push_front(array, item) array_insert(array, 0, (item), 1)
5be1f1 
 #define array_idx(array, idx) \
5be1f1 
 	ARRAY_TYPE_CAST_CONST(array)array_idx_i(&(array)->arr, idx)
5be1f1
5be1f1 
diff -up dovecot-2.2.36/src/lib/buffer.c.CVE_2020_12100prereq dovecot-2.2.36/src/lib/buffer.c
5be1f1 
--- dovecot-2.2.36/src/lib/buffer.c.CVE_2020_12100prereq	2020-08-09 20:22:57.566465762 +0200
5be1f1 
+++ dovecot-2.2.36/src/lib/buffer.c	2020-08-09 20:22:57.580465840 +0200
5be1f1 
@@ -148,6 +148,10 @@ void buffer_free(buffer_t **_buf)
5be1f1 
 {
5be1f1 
 	struct real_buffer *buf = (struct real_buffer *)*_buf;
5be1f1
5be1f1 
+
5be1f1 
+	if (buf == NULL)
5be1f1 
+		return;
5be1f1 
+
5be1f1 
 	*_buf = NULL;
5be1f1 
 	if (buf->alloced)
5be1f1 
 		p_free(buf->pool, buf->w_buffer);
5be1f1 
diff -up dovecot-2.2.36/src/lib-mail/test-message-decoder.c.CVE_2020_12100prereq dovecot-2.2.36/src/lib-mail/test-message-decoder.c
5be1f1 
--- dovecot-2.2.36/src/lib-mail/test-message-decoder.c.CVE_2020_12100prereq	2018-04-30 15:52:05.000000000 +0200
5be1f1 
+++ dovecot-2.2.36/src/lib-mail/test-message-decoder.c	2020-08-09 20:22:36.326347911 +0200
5be1f1 
@@ -1,7 +1,8 @@
5be1f1 
 /* Copyright (c) 2007-2018 Dovecot authors, see the included COPYING file */
5be1f1
5be1f1 
 #include "lib.h"
5be1f1 
-#include "buffer.h"
5be1f1 
+#include "str.h"
5be1f1 
+#include "istream.h"
5be1f1 
 #include "charset-utf8.h"
5be1f1 
 #include "message-parser.h"
5be1f1 
 #include "message-header-decode.h"
5be1f1 
@@ -82,6 +83,66 @@ static void test_message_decoder(void)
5be1f1 
 	test_end();
5be1f1 
 }
5be1f1
5be1f1 
+static void test_message_decoder_multipart(void)
5be1f1 
+{
5be1f1 
+	static const char test_message_input[] =
5be1f1 
+		"Content-Type: multipart/mixed; boundary=foo\n"
5be1f1 
+		"\n"
5be1f1 
+		"--foo\n"
5be1f1 
+		"Content-Transfer-Encoding: quoted-printable\n"
5be1f1 
+		"Content-Type: text/plain; charset=utf-8\n"
5be1f1 
+		"\n"
5be1f1 
+		"p=C3=A4iv=C3=A4=C3=A4\n"
5be1f1 
+		"\n"
5be1f1 
+		"--foo\n"
5be1f1 
+		"Content-Transfer-Encoding: base64\n"
5be1f1 
+		"Content-Type: text/plain; charset=utf-8\n"
5be1f1 
+		"\n"
5be1f1 
+		"ecO2dMOkIHZhYW4uCg== ignored\n"
5be1f1 
+		"--foo\n"
5be1f1 
+		"Content-Transfer-Encoding: base64\n"
5be1f1 
+		"Content-Type: text/plain; charset=utf-8\n"
5be1f1 
+		"\n"
5be1f1 
+		"?garbage\n"
5be1f1 
+		"--foo--\n";
5be1f1 
+	struct message_parser_ctx *parser;
5be1f1 
+	struct message_decoder_context *decoder;
5be1f1 
+	struct message_part *parts;
5be1f1 
+	struct message_block input, output;
5be1f1 
+	struct istream *istream;
5be1f1 
+	string_t *str_out = t_str_new(20);
5be1f1 
+	int ret;
5be1f1 
+
5be1f1 
+	test_begin("message decoder multipart");
5be1f1 
+
5be1f1 
+	istream = test_istream_create(test_message_input);
5be1f1 
+	parser = message_parser_init(pool_datastack_create(), istream, 0, 0);
5be1f1 
+	decoder = message_decoder_init(NULL, 0);
5be1f1 
+
5be1f1 
+	test_istream_set_allow_eof(istream, FALSE);
5be1f1 
+	for (size_t i = 0; i < sizeof(test_message_input); i++) {
5be1f1 
+		if (i == sizeof(test_message_input)-1)
5be1f1 
+			test_istream_set_allow_eof(istream, TRUE);
5be1f1 
+		test_istream_set_size(istream, i);
5be1f1 
+		while ((ret = message_parser_parse_next_block(parser, &input)) > 0) {
5be1f1 
+			if (message_decoder_decode_next_block(decoder, &input, &output) &&
5be1f1 
+			    output.hdr == NULL && output.size > 0)
5be1f1 
+				str_append_data(str_out, output.data, output.size);
5be1f1 
+		}
5be1f1 
+		if (i == sizeof(test_message_input)-1)
5be1f1 
+			test_assert(ret == -1);
5be1f1 
+		else
5be1f1 
+			test_assert(ret == 0);
5be1f1 
+	}
5be1f1 
+	/* NOTE: qp-decoder decoder changes \n into \r\n */
5be1f1 
+	test_assert_strcmp(str_c(str_out), "p\xC3\xA4iv\xC3\xA4\xC3\xA4\r\ny\xC3\xB6t\xC3\xA4 vaan.\n");
5be1f1 
+
5be1f1 
+	message_decoder_deinit(&decoder);
5be1f1 
+	message_parser_deinit(&parser, &parts;;
5be1f1 
+	i_stream_unref(&istream);
5be1f1 
+	test_end();
5be1f1 
+}
5be1f1 
+
5be1f1 
 static void test_message_decoder_current_content_type(void)
5be1f1 
 {
5be1f1 
 	struct message_decoder_context *ctx;
5be1f1 
@@ -149,6 +210,7 @@ int main(void)
5be1f1 
 {
5be1f1 
 	static void (*test_functions[])(void) = {
5be1f1 
 		test_message_decoder,
5be1f1 
+		//test_message_decoder_multipart,
5be1f1 
 		test_message_decoder_current_content_type,
5be1f1 
 		NULL
5be1f1 
 	};

Powered by Pagure 5.14.1

SSH Hostkey/Fingerprint | Documentation