Avoid access to free'd memory in APOP authentication. Patch supplied by
Kawamoto Yosihisa in PR pkg/8371.
This commit is contained in:
tron
parent
72a8dbd07a
commit
a81f798f1f
1 changed files with 22 additions and 0 deletions
22
mail/qpopper/patches/patch-aj
Normal file
22
mail/qpopper/patches/patch-aj
Normal file
|
|
@ -0,0 +1,22 @@
|
|||
$NetBSD: patch-aj,v 1.1 1999/09/15 21:38:45 tron Exp $
|
||||
|
||||
--- pop_apop.c.orig Fri Jul 10 08:44:07 1998
|
||||
+++ pop_apop.c Sat Sep 11 09:09:30 1999
|
||||
@@ -178,6 +178,8 @@
|
||||
dbm_close (db);
|
||||
#endif
|
||||
return(pop_auth_fail(p, POP_FAILURE, "not authorized"));
|
||||
+ } else {
|
||||
+ ddatum.dptr = obscure(ddatum.dptr);
|
||||
}
|
||||
|
||||
#ifdef GDBM
|
||||
@@ -189,7 +191,7 @@
|
||||
|
||||
MD5Init(&mdContext);
|
||||
MD5Update(&mdContext, (unsigned char *)p->md5str, strlen(p->md5str));
|
||||
- MD5Update(&mdContext, (unsigned char *)obscure(ddatum.dptr), (ddatum.dsize - 1));
|
||||
+ MD5Update(&mdContext, (unsigned char *)ddatum.dptr, (ddatum.dsize - 1));
|
||||
MD5Final(digest, &mdContext);
|
||||
|
||||
cp = buffer;
|
||||
Loading…
Reference in a new issue