author | Daniel Baumann <daniel.baumann@progress-linux.org> | 2024-05-07 05:23:55 +0000 |
---|---|---|
committer | Daniel Baumann <daniel.baumann@progress-linux.org> | 2024-05-07 05:23:55 +0000 |
commit | 321ca030e646eb3c767b63b43f21eca099040dda (patch) | |
tree | ee538f510f6245a7f8b3510b1f14d7ae38b1cc55 /debian/patches/CVE-2023-42114.patch | |
parent | Releasing progress-linux version 4.92-8+deb10u7progress5u1. (diff) | |
Merging debian version 4.92-8+deb10u8.
Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
Diffstat (limited to 'debian/patches/CVE-2023-42114.patch')
-rw-r--r-- | debian/patches/CVE-2023-42114.patch | 77 |
1 files changed, 77 insertions, 0 deletions
diff --git a/debian/patches/CVE-2023-42114.patch b/debian/patches/CVE-2023-42114.patch
new file mode 100644
index 0000000..4165f30
--- /dev/null
+++ b/debian/patches/CVE-2023-42114.patch
@@ -0,0 +1,77 @@
+From: Markus Koschany <apo@debian.org>
+Date: Sun, 1 Oct 2023 10:38:47 +0200
+Subject: CVE-2023-42114
+
+Upstream-Bug: 3001
+
+Originally created by Jeremy Harris.
+---
+ src/auths/auth-spa.c | 36 ++++++++++++++++++++++++++++--------
+ 1 file changed, 28 insertions(+), 8 deletions(-)
+
+diff --git a/src/auths/auth-spa.c b/src/auths/auth-spa.c
+index ae8da9c..f3b0b78 100644
+--- a/src/auths/auth-spa.c
++++ b/src/auths/auth-spa.c
+@@ -1263,15 +1263,10 @@ spa_bytes_add(ptr, header, b, len*2); \
+ }
+
+
+-#define GetUnicodeString(structPtr, header) \
+-unicodeToString(((char*)structPtr) + IVAL(&structPtr->header.offset,0) , SVAL(&structPtr->header.len,0)/2)
+-#define GetString(structPtr, header) \
+-toString(((CS structPtr) + IVAL(&structPtr->header.offset,0)), SVAL(&structPtr->header.len,0))
+-
+ #ifdef notdef
+
+ #define DumpBuffer(fp, structPtr, header) \
+-dumpRaw(fp,(US structPtr)+IVAL(&structPtr->header.offset,0),SVAL(&structPtr->header.len,0))
++ dumpRaw(fp,(US structPtr)+IVAL(&structPtr->header.offset,0),SVAL(&structPtr->header.len,0))
+
+
+ static void
+@@ -1335,8 +1330,33 @@ toString (char *p, size_t len)
+ return buf;
+ }
+
++static inline uschar *
++get_challenge_unistr(SPAAuthChallenge * challenge, SPAStrHeader * hdr)
++{
++int off = IVAL(&hdr->offset, 0);
++int len = SVAL(&hdr->len, 0);
++return off + len < sizeof(SPAAuthChallenge)
++ ? US unicodeToString(CS challenge + off, len/2) : US"";
++}
++
++static inline uschar *
++get_challenge_str(SPAAuthChallenge * challenge, SPAStrHeader * hdr)
++{
++int off = IVAL(&hdr->offset, 0);
++int len = SVAL(&hdr->len, 0);
++return off + len < sizeof(SPAAuthChallenge)
++ ? US toString(CS challenge + off, len) : US"";
++}
++
+ #ifdef notdef
+
++#define GetUnicodeString(structPtr, header) \
++ unicodeToString(((char*)structPtr) + IVAL(&structPtr->header.offset,0) , SVAL(&structPtr->header.len,0)/2)
++
++#define GetString(structPtr, header) \
++ toString(((CS structPtr) + IVAL(&structPtr->header.offset,0)), SVAL(&structPtr->header.len,0))
++
++
+ void
+ dumpSmbNtlmAuthRequest (FILE * fp, SPAAuthRequest * request)
+ {
+@@ -1507,8 +1527,8 @@ spa_build_auth_response (SPAAuthChallenge * challenge,
+ }
+
+ else domain = d = string_copy(cf & 0x1
+- ? CUS GetUnicodeString(challenge, uDomain)
+- : CUS GetString(challenge, uDomain));
++ ? CUS get_challenge_unistr(challenge, &challenge->uDomain)
++ : CUS get_challenge_str(challenge, &challenge->uDomain));
+
+ spa_smb_encrypt(password, challenge->challengeData, lmRespData);
+ spa_smb_nt_encrypt(password, challenge->challengeData, ntRespData); |
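Review bot: The bounds check in the new `get_challenge_unistr()` and `get_challenge_str()` tests only the sum `off + len`, and `off` is a signed `int` filled from the server-supplied 32-bit offset field. If `IVAL` yields the full 32-bit value (its definition is outside this hunk), an offset with the top bit set becomes negative on common ABIs, and a negative `off` paired with a large enough `len` still gives a small sum that passes `off + len < sizeof(SPAAuthChallenge)`, so `challenge + off` would point before the structure. Holding both fields unsigned and bounding each one closes that gap: `unsigned off = IVAL(&hdr->offset, 0), len = SVAL(&hdr->len, 0);` followed by `return off < sizeof(SPAAuthChallenge) && len < sizeof(SPAAuthChallenge) - off`. The same change applies to both helpers, and it also removes the implicit signed/unsigned comparison against `sizeof`.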