mirrors/meta-openembedded
1
0
Fork 0
mirror of https://github.com/openembedded/meta-openembedded.git synced 2026-05-07 17:19:23 +00:00
Code Issues Projects Releases Wiki Activity

fetchmail: patch CVE-2025-61962

Browse Source 
Details https://nvd.nist.gov/vuln/detail/CVE-2025-61962

Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com>
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
This commit is contained in:
Ankur Tyagi
2025-12-16 12:45:33 +05:30
committed by Anuj Mittal
parent eb338ebb60
commit 0d9da11052
2 changed files with 52 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files
meta-networking/recipes-support/fetchmail/fetchmail/CVE-2025-61962.patch
+51
View File
@@ -0,0 +1,51 @@
From 7860cf0689f8bd828bdd6e7116c6670416ead6d7 Mon Sep 17 00:00:00 2001
From: Matthias Andree <matthias.andree@gmx.de>
Date: Fri, 3 Oct 2025 13:11:59 +0200
Subject: [PATCH] Security fix: avoid NULL+1 deref on invalid AUTH reply
When fetchmail receives a 334 reply from the SMTP server
that does not contain the mandated blank after that response
code, it will attempt reading from memory location 1, which
will usually lead to a crash.
The simpler fix would have been to check for four bytes "334 "
instead of three bytes "334" but that would make malformed
replies and those that don't match the expected reply code
indistinguishable.
CVE: CVE-2025-61962
Upstream-Status: Backport [https://gitlab.com/fetchmail/fetchmail/-/commit/4c3cebfa4e659fb778ca2cae0ccb3f69201609a8]
(cherry picked from commit 4c3cebfa4e659fb778ca2cae0ccb3f69201609a8)
Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com>
---
smtp.c | 10 ++++++++++
1 file changed, 10 insertions(+)
diff --git a/smtp.c b/smtp.c
index 8295c49a..9a89ef09 100644
--- a/smtp.c
+++ b/smtp.c
@@ -92,6 +92,11 @@ static void SMTP_auth(int sock, char smtp_mode, char *username, char *password,
}
p = strchr(tmp, ' ');
+ if (!p) {
+ report(stderr, "%s: \"%s\"\n", GT_("Malformed server reply"), visbuf(tmp));
+ SMTP_auth_error(sock, "");
+ return;
+ }
p++;
/* (hmh) from64tobits will not NULL-terminate strings! */
if (from64tobits(b64buf, p, sizeof(b64buf) - 1) <= 0) {
@@ -145,6 +150,11 @@ static void SMTP_auth(int sock, char smtp_mode, char *username, char *password,
}
p = strchr(tmp, ' ');
+ if (!p) {
+ report(stderr, "%s: \"%s\"\n", GT_("Malformed server reply"), visbuf(tmp));
+ SMTP_auth_error(sock, "");
+ return;
+ }
p++;
if (from64tobits(b64buf, p, sizeof(b64buf) - 1) <= 0) {
SMTP_auth_error(sock, GT_("Bad base64 reply from server.\n"));
meta-networking/recipes-support/fetchmail/fetchmail_6.4.38.bb
+1
View File
@@ -11,6 +11,7 @@ LIC_FILES_CHKSUM = "file://COPYING;md5=ee6b9f41d9324434dd11bd8a38f1b044"
DEPENDS = "openssl" DEPENDS = "openssl"
SRC_URI = "${SOURCEFORGE_MIRROR}/${BPN}/${BPN}-${PV}.tar.xz \ SRC_URI = "${SOURCEFORGE_MIRROR}/${BPN}/${BPN}-${PV}.tar.xz \
file://CVE-2025-61962.patch \
" "
SRC_URI[sha256sum] = "a6cb4ea863ac61d242ffb2db564a39123761578d3e40d71ce7b6f2905be609d9" SRC_URI[sha256sum] = "a6cb4ea863ac61d242ffb2db564a39123761578d3e40d71ce7b6f2905be609d9"