-- DRAFT - XXX - DRAFT -
+-----BEGIN PGP SIGNED MESSAGE-----
+Hash: SHA1
fetchmail-SA-2010-02: Denial of service in debug mode w/ multichar locales
-Topics: Denial of service in debug output.
+Topics: Denial of service in debug output
Author: Matthias Andree
-Version: 0.4 XXX
-Announced: XXX
-Type: Unbounded allocation of memory until exhaustion.
-Impact: Denial of service.
+Version: 1.0
+Announced: 2010-05-06
+Type: Unbounded allocation of memory until exhaustion
+Impact: Denial of service
Danger: low
CVE Name: CVE-2010-1167
-CVSSv2: XXX
+CVSSv2: (AV:N/AC:M/Au:N/C:N/I:N/A:P/E:U/RL:O/RC:C)
+CVSS scores: 3.2, Base 4.3 (Impact 2.9, Exploitability 8.6), Temporal 3.2
+ This is calculated without Environmental Score.
URL: http://www.fetchmail.info/fetchmail-SA-2010-02.txt
Project URL: http://www.fetchmail.info/
Not affected: fetchmail release 6.3.17 and newer
-Corrected: 2010-04-24 Git (XXX)
+Corrected: 2010-04-24 Git, required commits:
+ 167fa2093e82f891eb2fcb6eaa0b1eb3685f44e3
+ ec06293134b85876f9201d8a52b844c41581b2b3
+
+ 2010-04-30 fetchmail 6.3.17-pre1 tarball
+
+ 2010-05-06 fetchmail 6.3.17 release tarball
0. Release history
2010-04-18 0.1 first draft (visible in SVN and through oss-security)
2010-04-19 0.2 add note announcements may appear before releases
-2010-04-20 0.3 add CVE name, fix Type:
-2010-04-24 0.4 revise patch
-2010-04-29 0.5 add info on contributing/mitigating factors
-XXX
+2010-04-20 0.3 add CVE name, fix Type:
+2010-04-24 0.4 revise patch
+2010-04-29 0.5 add info on contributing/mitigating factors
+2010-05-06 1.0 complete
1. Background
(C) Copyright 2010 by Matthias Andree, <matthias.andree@gmx.de>.
Some rights reserved.
-This work is licensed under the Creative Commons
-Attribution-Noncommercial-No Derivative Works 3.0 Germany License.
+This work is licensed under the
+Creative Commons Attribution-NoDerivs 3.0 Germany License (CC BY-ND 3.0).
+
To view a copy of this license, visit
-http://creativecommons.org/licenses/by-nc-nd/3.0/de/ or send a letter to
+http://creativecommons.org/licenses/by-nd/3.0/de/deed.en
+or send a letter to:
Creative Commons
-171 Second Street
-Suite 300
-SAN FRANCISCO, CALIFORNIA 94105
+444 Castro Street
+Suite 900
+MOUNTAIN VIEW, CALIFORNIA 94041
USA
diff --git a/rfc822.c b/rfc822.c
index 6f2dbf3..dbcda32 100644
---- a/rfc822.c
+- --- a/rfc822.c
+++ b/rfc822.c
@@ -25,6 +25,7 @@ MIT license. Compile with -DMAIN to build the demonstrator.
#include <stdlib.h>
}
#ifndef MAIN
-- if (outlevel >= O_DEBUG)
-- report_build(stdout, GT_("About to rewrite %.*s...\n"),
-- (int)BEFORE_EOL(buf), buf);
+- - if (outlevel >= O_DEBUG)
+- - report_build(stdout, GT_("About to rewrite %.*s...\n"),
+- - (int)BEFORE_EOL(buf), buf);
+ if (outlevel >= O_DEBUG) {
+ report_build(stdout, GT_("About to rewrite %s...\n"), (cp = sdump(buf, BEFORE_EOL(buf))));
+ xfree(cp);
}
#ifndef MAIN
-- if (outlevel >= O_DEBUG)
-- report_complete(stdout, GT_("...rewritten version is %.*s.\n"),
-- (int)BEFORE_EOL(buf), buf);
+- - if (outlevel >= O_DEBUG)
+- - report_complete(stdout, GT_("...rewritten version is %.*s.\n"),
+- - (int)BEFORE_EOL(buf), buf);
+ if (outlevel >= O_DEBUG) {
+ report_complete(stdout, GT_("...rewritten version is %s.\n"),
+ (cp = sdump(buf, BEFORE_EOL(buf))));
return(buf);
diff --git a/uid.c b/uid.c
index fdc6f5d..9a62ee2 100644
---- a/uid.c
+- --- a/uid.c
+++ b/uid.c
@@ -20,6 +20,7 @@
{
report_build(stdout, GT_("Old UID list from %s:"),
ctl->server.pollname);
-- for (idp = ctl->oldsaved; idp; idp = idp->next)
-- report_build(stdout, " %s", idp->id);
+- - for (idp = ctl->oldsaved; idp; idp = idp->next)
+- - report_build(stdout, " %s", idp->id);
+ for (idp = ctl->oldsaved; idp; idp = idp->next) {
+ char *t = sdump(idp->id, strlen(idp->id));
+ report_build(stdout, " %s", t);
if (uidlcount)
{
report_build(stdout, GT_("Scratch list of UIDs:"));
-- for (idp = scratchlist; idp; idp = idp->next)
-- report_build(stdout, " %s", idp->id);
+- - for (idp = scratchlist; idp; idp = idp->next)
+- - report_build(stdout, " %s", idp->id);
+ for (idp = scratchlist; idp; idp = idp->next) {
+ char *t = sdump(idp->id, strlen(idp->id));
+ report_build(stdout, " %s", t);
report_build(stdout, GT_("Merged UID list from %s:"), ctl->server.pollname);
else
report_build(stdout, GT_("New UID list from %s:"), ctl->server.pollname);
-- for (idp = dofastuidl ? ctl->oldsaved : ctl->newsaved; idp; idp = idp->next)
-- report_build(stdout, " %s = %d", idp->id, idp->val.status.mark);
+- - for (idp = dofastuidl ? ctl->oldsaved : ctl->newsaved; idp; idp = idp->next)
+- - report_build(stdout, " %s = %d", idp->id, idp->val.status.mark);
+ for (idp = dofastuidl ? ctl->oldsaved : ctl->newsaved; idp; idp = idp->next) {
+ char *t = sdump(idp->id, strlen(idp->id));
+ report_build(stdout, " %s = %d", t, idp->val.status.mark);
/* this is now a merged list! the mails which were seen in this
* poll are marked here. */
report_build(stdout, GT_("Merged UID list from %s:"), ctl->server.pollname);
-- for (idp = ctl->oldsaved; idp; idp = idp->next)
-- report_build(stdout, " %s = %d", idp->id, idp->val.status.mark);
+- - for (idp = ctl->oldsaved; idp; idp = idp->next)
+- - report_build(stdout, " %s = %d", idp->id, idp->val.status.mark);
+ for (idp = ctl->oldsaved; idp; idp = idp->next) {
+ char *t = sdump(idp->id, strlen(idp->id));
+ report_build(stdout, " %s = %d", t, idp->val.status.mark);
if (!idp)
report_build(stdout, GT_(" <empty>"));
report_complete(stdout, "\n");
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v1.4.11 (GNU/Linux)
+
+iEYEARECAAYFAk9/Yg4ACgkQvmGDOQUufZVpfQCcD3U6m1MbJOFZV4FgI7e042vF
+HcEAn0j6ZFwp9dh2G7PJSkN9CM0XazyJ
+=JUs1
+-----END PGP SIGNATURE-----
projects / ~andy / fetchmail / blobdiff