From f516638b7fe9592837389826a6152a7e1b251c54 Mon Sep 17 00:00:00 2001
From: V3n3RiX <venerix@redcorelinux.org>
Date: Sat, 30 May 2020 11:44:06 +0100
Subject: gentoo resync : 30.05.2020

---
 .../files/netqmail-1.06-CVE-2005-1513.patch        | 66 ++++++++++++++++++++++
 1 file changed, 66 insertions(+)
 create mode 100644 mail-mta/netqmail/files/netqmail-1.06-CVE-2005-1513.patch

(limited to 'mail-mta/netqmail/files/netqmail-1.06-CVE-2005-1513.patch')

diff --git a/mail-mta/netqmail/files/netqmail-1.06-CVE-2005-1513.patch b/mail-mta/netqmail/files/netqmail-1.06-CVE-2005-1513.patch
new file mode 100644
index 000000000000..58af5a9cee11
--- /dev/null
+++ b/mail-mta/netqmail/files/netqmail-1.06-CVE-2005-1513.patch
@@ -0,0 +1,66 @@
+From bb92ea678c2a2a524d2ee6e9d598275a659168d2 Mon Sep 17 00:00:00 2001
+From: Rolf Eike Beer <eike@sf-mail.de>
+Date: Mon, 11 May 2020 18:30:13 +0200
+Subject: [PATCH 3/4] mimimum fix for CVE-2005-1513
+
+The first allocation at the tail of the function is not changed as that
+one starts with a small number of elements and grows only on
+subsequent call.s
+---
+ gen_allocdefs.h | 27 ++++++++++++++++++++++-----
+ 1 file changed, 22 insertions(+), 5 deletions(-)
+
+diff --git a/gen_allocdefs.h b/gen_allocdefs.h
+index 783a9b1..0588441 100644
+--- a/gen_allocdefs.h
++++ b/gen_allocdefs.h
+@@ -4,24 +4,41 @@
+ #define GEN_ALLOC_ready(ta,type,field,len,a,i,n,x,base,ta_ready) \
+ int ta_ready(x,n) register ta *x; register unsigned int n; \
+ { register unsigned int i; \
++  unsigned int nlen; \
+   if (x->field) { \
+     i = x->a; \
+     if (n > i) { \
+-      x->a = base + n + (n >> 3); \
+-      if (alloc_re(&x->field,i * sizeof(type),x->a * sizeof(type))) return 1; \
++      unsigned int nnum; \
++      if (__builtin_add_overflow(base, n, &nlen)) \
++        return 0; \
++      if (__builtin_add_overflow(nlen, n >> 3, &nlen)) \
++        return 0; \
++      if (__builtin_mul_overflow(nlen, sizeof(type), &nnum)) \
++        return 0; \
++      x->a = nlen; \
++      if (alloc_re(&x->field,i * sizeof(type),nnum)) return 1; \
+       x->a = i; return 0; } \
+     return 1; } \
+   x->len = 0; \
+   return !!(x->field = (type *) alloc((x->a = n) * sizeof(type))); }
+ 
+ #define GEN_ALLOC_readyplus(ta,type,field,len,a,i,n,x,base,ta_rplus) \
+-int ta_rplus(x,n) register ta *x; register unsigned int n; \
++int ta_rplus(x,n) register ta *x; unsigned int n; \
+ { register unsigned int i; \
+   if (x->field) { \
+     i = x->a; n += x->len; \
++    if (__builtin_add_overflow(n, x->len, &n)) \
++      return 0; \
+     if (n > i) { \
+-      x->a = base + n + (n >> 3); \
+-      if (alloc_re(&x->field,i * sizeof(type),x->a * sizeof(type))) return 1; \
++      unsigned int nlen, nnum; \
++      if (__builtin_add_overflow(base, n, &nlen)) \
++        return 0; \
++      if (__builtin_add_overflow(nlen, n >> 3, &nlen)) \
++        return 0; \
++      if (__builtin_mul_overflow(nlen, sizeof(type), &nnum)) \
++        return 0; \
++      x->a = nlen; \
++      if (alloc_re(&x->field,i * sizeof(type),nnum)) return 1; \
+       x->a = i; return 0; } \
+     return 1; } \
+   x->len = 0; \
+-- 
+2.26.1
+
-- 
cgit v1.2.3