summaryrefslogtreecommitdiff
path: root/dovecot/CVE-2017-15132-1.patch
diff options
context:
space:
mode:
Diffstat (limited to 'dovecot/CVE-2017-15132-1.patch')
-rw-r--r--dovecot/CVE-2017-15132-1.patch57
1 files changed, 0 insertions, 57 deletions
diff --git a/dovecot/CVE-2017-15132-1.patch b/dovecot/CVE-2017-15132-1.patch
deleted file mode 100644
index b1d8b4923..000000000
--- a/dovecot/CVE-2017-15132-1.patch
+++ /dev/null
@@ -1,57 +0,0 @@
-From a9b135760aea6d1790d447d351c56b78889dac22 Mon Sep 17 00:00:00 2001
-From: Aki Tuomi <aki.tuomi@dovecot.fi>
-Date: Fri, 26 Jan 2018 10:55:54 +0200
-Subject: [PATCH] lib-auth: Remove request after abort
-
-Otherwise the request will still stay in hash table
-and get dereferenced when all requests are aborted
-causing an attempt to access free'd memory.
-
-Found by Apollon Oikonomopoulos <apoikos@debian.org>
-
-Broken in 1a29ed2f96da1be22fa5a4d96c7583aa81b8b060
----
- src/lib-auth/auth-client-request.c | 2 ++
- src/lib-auth/auth-server-connection.c | 7 +++++++
- src/lib-auth/auth-server-connection.h | 2 ++
- 3 files changed, 11 insertions(+)
-
-diff --git a/src/lib-auth/auth-client-request.c b/src/lib-auth/auth-client-request.c
-index 046f7c307d..f6d0290a13 100644
---- a/src/lib-auth/auth-client-request.c
-+++ b/src/lib-auth/auth-client-request.c
-@@ -186,6 +186,8 @@ void auth_client_request_abort(struct auth_client_request **_request)
-
- auth_client_send_cancel(request->conn->client, request->id);
- call_callback(request, AUTH_REQUEST_STATUS_ABORT, NULL, NULL);
-+ /* remove the request */
-+ auth_server_connection_remove_request(request->conn, request->id);
- pool_unref(&request->pool);
- }
-
-diff --git a/src/lib-auth/auth-server-connection.c b/src/lib-auth/auth-server-connection.c
-index 9d65450fb3..7eea061cad 100644
---- a/src/lib-auth/auth-server-connection.c
-+++ b/src/lib-auth/auth-server-connection.c
-@@ -483,3 +483,10 @@ auth_server_connection_add_request(struct auth_server_connection *conn,
- hash_table_insert(conn->requests, POINTER_CAST(id), request);
- return id;
- }
-+
-+void auth_server_connection_remove_request(struct auth_server_connection *conn,
-+ unsigned int id)
-+{
-+ i_assert(conn->handshake_received);
-+ hash_table_remove(conn->requests, POINTER_CAST(id));
-+}
-diff --git a/src/lib-auth/auth-server-connection.h b/src/lib-auth/auth-server-connection.h
-index 179b5dbd4c..c2c533a41d 100644
---- a/src/lib-auth/auth-server-connection.h
-+++ b/src/lib-auth/auth-server-connection.h
-@@ -40,4 +40,6 @@ void auth_server_connection_disconnect(struct auth_server_connection *conn,
- unsigned int
- auth_server_connection_add_request(struct auth_server_connection *conn,
- struct auth_client_request *request);
-+void auth_server_connection_remove_request(struct auth_server_connection *conn,
-+ unsigned int id);
- #endif

Generated by cgit