rpms/dovecot/FC-5 dovecot-1.0.beta8-file-cache-bof.patch, NONE, 1.1 dovecot.spec, 1.52, 1.53

fedora-cvs-commits at redhat.com fedora-cvs-commits at redhat.com
Thu Dec 21 13:32:58 UTC 2006 

Author: tjanouse

Update of /cvs/dist/rpms/dovecot/FC-5
In directory cvs.devel.redhat.com:/tmp/cvs-serv2452

Modified Files:
	dovecot.spec 
Added Files:
	dovecot-1.0.beta8-file-cache-bof.patch 
Log Message:
* Thu Dec 21 2006 Tomas Janousek <tjanouse at redhat.com> - 1.0-0.beta8.3.fc5
- fixed off by one (#216508, CVE-2006-5973)


dovecot-1.0.beta8-file-cache-bof.patch:
 file-cache.c |    6 +++---
 1 files changed, 3 insertions(+), 3 deletions(-)

--- NEW FILE dovecot-1.0.beta8-file-cache-bof.patch ---
--- dovecot-1.0.beta8/src/lib/file-cache.c.file-cache-bof	2006-02-17 04:00:17.000000000 +0100
+++ dovecot-1.0.beta8/src/lib/file-cache.c	2006-12-21 14:24:51.000000000 +0100
@@ -128,8 +128,8 @@
 	i_assert(psize > 0);
 
 	bits = buffer_get_space_unsafe(cache->page_bitmask, 0,
-				       poffset / CHAR_BIT +
-				       (psize + CHAR_BIT - 1) / CHAR_BIT);
+				       (poffset + psize + CHAR_BIT - 1) /
+				       CHAR_BIT);
 
 	dest_offset = poffset * page_size;
 	dest = PTR_OFFSET(cache->mmap_base, dest_offset);
@@ -267,7 +267,7 @@
 	}
 
 	bits = buffer_get_space_unsafe(cache->page_bitmask, offset / CHAR_BIT,
-				       (size + CHAR_BIT - 1) / CHAR_BIT);
+				       1 + (size + CHAR_BIT - 1) / CHAR_BIT);
 
 	/* set the first byte */
 	for (i = offset % CHAR_BIT, mask = 0; i < CHAR_BIT && size > 0; i++) {


Index: dovecot.spec
===================================================================
RCS file: /cvs/dist/rpms/dovecot/FC-5/dovecot.spec,v
retrieving revision 1.52
retrieving revision 1.53
diff -u -r1.52 -r1.53
--- dovecot.spec	21 Dec 2006 12:32:12 -0000	1.52
+++ dovecot.spec	21 Dec 2006 13:32:56 -0000	1.53
@@ -24,6 +24,7 @@
 Patch104: dovecot-1.0.beta2-lib64.patch
 #Patch105: dovecot-1.0.beta2-sqlite-check.patch
 Patch106: dovecot-1.0.beta8-mkcert-paths.patch
+Patch107: dovecot-1.0.beta8-file-cache-bof.patch
 
 # XXX this patch needs review and forward porting
 #Patch105: dovecot-auth-log.patch
@@ -74,6 +75,7 @@
 #%patch104 -p1 -b .lib64
 #%patch105 -p1 -b .sqlite-check
 %patch106 -p1 -b .mkcert-paths
+%patch107 -p1 -b .file-cache-bof
 
 %build
 rm -f ./configure
@@ -215,8 +217,9 @@
 
 %changelog
 * Thu Dec 21 2006 Tomas Janousek <tjanouse at redhat.com> - 1.0-0.beta8.3.fc5
-- fix default paths in the example mkcert.sh to match configuration
+- fixed default paths in the example mkcert.sh to match configuration
   defaults (fixes #183151)
+- fixed off by one (#216508, CVE-2006-5973)
 
 * Thu Jun 08 2006 Petr Rockai <prockai at redhat.com> - 1.0-0.beta8.2.fc5
 - bring FC-5 branch up to date with the rawhide one (bugfixes only)

More information about the fedora-cvs-commits mailing list