kpriv/freebsd-ports
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

net-im/jabberd: fix CVE-2012-3525

Browse source 
PR:		ports/170894
Approved by:	maintainer timeout (2 weeks)
Security:	http://www.vuxml.org/freebsd/4d1d2f6d-ec94-11e1-8bd8-0022156e8794.html
QA page:	http://codelabs.ru/fbsd/ports/qa/net-im/jabberd/2.2.16_2
This commit is contained in:
Eygene Ryabinkin 2012-09-04 11:54:30 +00:00
parent 3a7a53d91c
commit 856c67486e
Notes: svn2git 2021-03-31 03:12:20 +00:00 
svn path=/head/; revision=303651
2 changed files with 26 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
net-im/jabberd/Makefile
View file

@ -7,7 +7,7 @@
PORTNAME= jabberd
PORTVERSION= 2.2.16
PORTREVISION= 1
PORTREVISION= 2
CATEGORIES= net-im
MASTER_SITES= http://cloud.github.com/downloads/Jabberd2/jabberd2/
DIST_SUBDIR= jabber

25
net-im/jabberd/files/patch-cve-2012-3525 Normal file
View file

@ -0,0 +1,25 @@
Fixes CVE-2012-3525
Obtained-from: https://github.com/Jabberd2/jabberd2/commit/aabcffae560d5fd00cd1d2ffce5d760353cf0a4d.diff
diff --git a/s2s/out.c b/s2s/out.c
index 0ed9b30..7b9f44f 100644
--- s2s/out.c
+++ s2s/out.c
@@ -1661,7 +1661,7 @@ static void _out_result(conn_t out, nad_t nad) {
rkeylen = strlen(rkey);
/* key is valid */
- if(nad_find_attr(nad, 0, -1, "type", "valid") >= 0) {
+ if(nad_find_attr(nad, 0, -1, "type", "valid") >= 0 && xhash_get(out->states, rkey) == (void*) conn_INPROGRESS) {
log_write(out->s2s->log, LOG_NOTICE, "[%d] [%s, port=%d] outgoing route '%s' is now valid%s%s", out->fd->fd, out->ip, out->port, rkey, (out->s->flags & SX_SSL_WRAPPER) ? ", TLS negotiated" : "", out->s->compressed ? ", ZLIB compression enabled" : "");
xhash_put(out->states, pstrdup(xhash_pool(out->states), rkey), (void *) conn_VALID); /* !!! small leak here */
@@ -1749,7 +1749,7 @@ static void _out_verify(conn_t out, nad_t nad) {
rkey = s2s_route_key(NULL, to->domain, from->domain);
attr = nad_find_attr(nad, 0, -1, "type", "valid");
- if(attr >= 0) {
+ if(attr >= 0 && xhash_get(in->states, rkey) == (void*) conn_INPROGRESS) {
xhash_put(in->states, pstrdup(xhash_pool(in->states), rkey), (void *) conn_VALID);
log_write(in->s2s->log, LOG_NOTICE, "[%d] [%s, port=%d] incoming route '%s' is now valid%s%s", in->fd->fd, in->ip, in->port, rkey, (in->s->flags & SX_SSL_WRAPPER) ? ", TLS negotiated" : "", in->s->compressed ? ", ZLIB compression enabled" : "");
valid = 1;