diff options
Diffstat (limited to 'dovecot/CVE-2017-15132-1.patch')
-rw-r--r-- | dovecot/CVE-2017-15132-1.patch | 57 |
1 files changed, 0 insertions, 57 deletions
diff --git a/dovecot/CVE-2017-15132-1.patch b/dovecot/CVE-2017-15132-1.patch deleted file mode 100644 index b1d8b4923..000000000 --- a/dovecot/CVE-2017-15132-1.patch +++ /dev/null @@ -1,57 +0,0 @@ -From a9b135760aea6d1790d447d351c56b78889dac22 Mon Sep 17 00:00:00 2001 -From: Aki Tuomi <aki.tuomi@dovecot.fi> -Date: Fri, 26 Jan 2018 10:55:54 +0200 -Subject: [PATCH] lib-auth: Remove request after abort - -Otherwise the request will still stay in hash table -and get dereferenced when all requests are aborted -causing an attempt to access free'd memory. - -Found by Apollon Oikonomopoulos <apoikos@debian.org> - -Broken in 1a29ed2f96da1be22fa5a4d96c7583aa81b8b060 ---- - src/lib-auth/auth-client-request.c | 2 ++ - src/lib-auth/auth-server-connection.c | 7 +++++++ - src/lib-auth/auth-server-connection.h | 2 ++ - 3 files changed, 11 insertions(+) - -diff --git a/src/lib-auth/auth-client-request.c b/src/lib-auth/auth-client-request.c -index 046f7c307d..f6d0290a13 100644 ---- a/src/lib-auth/auth-client-request.c -+++ b/src/lib-auth/auth-client-request.c -@@ -186,6 +186,8 @@ void auth_client_request_abort(struct auth_client_request **_request) - - auth_client_send_cancel(request->conn->client, request->id); - call_callback(request, AUTH_REQUEST_STATUS_ABORT, NULL, NULL); -+ /* remove the request */ -+ auth_server_connection_remove_request(request->conn, request->id); - pool_unref(&request->pool); - } - -diff --git a/src/lib-auth/auth-server-connection.c b/src/lib-auth/auth-server-connection.c -index 9d65450fb3..7eea061cad 100644 ---- a/src/lib-auth/auth-server-connection.c -+++ b/src/lib-auth/auth-server-connection.c -@@ -483,3 +483,10 @@ auth_server_connection_add_request(struct auth_server_connection *conn, - hash_table_insert(conn->requests, POINTER_CAST(id), request); - return id; - } -+ -+void auth_server_connection_remove_request(struct auth_server_connection *conn, -+ unsigned int id) -+{ -+ i_assert(conn->handshake_received); -+ hash_table_remove(conn->requests, POINTER_CAST(id)); -+} -diff --git a/src/lib-auth/auth-server-connection.h b/src/lib-auth/auth-server-connection.h -index 179b5dbd4c..c2c533a41d 100644 ---- a/src/lib-auth/auth-server-connection.h -+++ b/src/lib-auth/auth-server-connection.h -@@ -40,4 +40,6 @@ void auth_server_connection_disconnect(struct auth_server_connection *conn, - unsigned int - auth_server_connection_add_request(struct auth_server_connection *conn, - struct auth_client_request *request); -+void auth_server_connection_remove_request(struct auth_server_connection *conn, -+ unsigned int id); - #endif |