mirrors/meta-openembedded
1
0
Fork 0
mirror of https://github.com/openembedded/meta-openembedded.git synced 2026-06-14 05:49:57 +00:00
Code Issues Projects Releases Wiki Activity

fetchmail: patch CVE-2025-61962

Browse Source 
Details https://nvd.nist.gov/vuln/detail/CVE-2025-61962

Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com>
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
(cherry picked from commit 0d9da11052)
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
This commit is contained in:
Ankur Tyagi
2026-01-05 11:02:22 +01:00
committed by Anuj Mittal
parent 0827d22e4c
commit 22b7851cde
2 changed files with 52 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files
meta-networking/recipes-support/fetchmail/fetchmail/CVE-2025-61962.patch
+51
View File
@@ -0,0 +1,51 @@
From 7860cf0689f8bd828bdd6e7116c6670416ead6d7 Mon Sep 17 00:00:00 2001
From: Matthias Andree <matthias.andree@gmx.de>
Date: Fri, 3 Oct 2025 13:11:59 +0200
Subject: [PATCH] Security fix: avoid NULL+1 deref on invalid AUTH reply
When fetchmail receives a 334 reply from the SMTP server
that does not contain the mandated blank after that response
code, it will attempt reading from memory location 1, which
will usually lead to a crash.
The simpler fix would have been to check for four bytes "334 "
instead of three bytes "334" but that would make malformed
replies and those that don't match the expected reply code
indistinguishable.
CVE: CVE-2025-61962
Upstream-Status: Backport [https://gitlab.com/fetchmail/fetchmail/-/commit/4c3cebfa4e659fb778ca2cae0ccb3f69201609a8]
(cherry picked from commit 4c3cebfa4e659fb778ca2cae0ccb3f69201609a8)
Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com>
---
smtp.c | 10 ++++++++++
1 file changed, 10 insertions(+)
diff --git a/smtp.c b/smtp.c
index 8295c49a..9a89ef09 100644
--- a/smtp.c
+++ b/smtp.c
@@ -92,6 +92,11 @@ static void SMTP_auth(int sock, char smtp_mode, char *username, char *password,
}
p = strchr(tmp, ' ');
+ if (!p) {
+ report(stderr, "%s: \"%s\"\n", GT_("Malformed server reply"), visbuf(tmp));
+ SMTP_auth_error(sock, "");
+ return;
+ }
p++;
/* (hmh) from64tobits will not NULL-terminate strings! */
if (from64tobits(b64buf, p, sizeof(b64buf) - 1) <= 0) {
@@ -145,6 +150,11 @@ static void SMTP_auth(int sock, char smtp_mode, char *username, char *password,
}
p = strchr(tmp, ' ');
+ if (!p) {
+ report(stderr, "%s: \"%s\"\n", GT_("Malformed server reply"), visbuf(tmp));
+ SMTP_auth_error(sock, "");
+ return;
+ }
p++;
if (from64tobits(b64buf, p, sizeof(b64buf) - 1) <= 0) {
SMTP_auth_error(sock, GT_("Bad base64 reply from server.\n"));
meta-networking/recipes-support/fetchmail/fetchmail_6.5.2.bb
+1
View File
@@ -11,6 +11,7 @@ LIC_FILES_CHKSUM = "file://COPYING;md5=46d2874dd6a0c8961d80c805f106a35f"
DEPENDS = "openssl"
SRC_URI = "${SOURCEFORGE_MIRROR}/${BPN}/${BPN}-${PV}.tar.xz \
file://CVE-2025-61962.patch \
"
SRC_URI[sha256sum] = "8fd0477408620ae382c1d0ef83d8946a95e5be0c2e582dd4ebe55cba513a45fe"