head 1.2; access; symbols pkgsrc-2013Q2:1.2.0.4 pkgsrc-2013Q2-base:1.2 pkgsrc-2012Q4:1.2.0.2 pkgsrc-2012Q4-base:1.2; locks; strict; comment @# @; 1.2 date 2012.08.14.22.08.09; author gdt; state dead; branches; next 1.1; 1.1 date 2012.08.09.10.06.47; author drochner; state Exp; branches; next ; desc @@ 1.2 log @Update to 3.2.1. (This is a security release, but pkgsrc already had patches from upstream.) This version corrects two heap overflows reported by our users: - A small write overflow, reported by Justin Ferguson - A large read overflow, reported by Ben Hawkes @ text @$NetBSD: patch-CVE-2012-3461-ad,v 1.1 2012/08/09 10:06:47 drochner Exp $ --- toolkit/parse.c.orig 2008-05-27 12:35:28.000000000 +0000 +++ toolkit/parse.c @@@@ -64,7 +64,8 @@@@ static unsigned char *decode(const char { const char *header, *footer; unsigned char *raw; - + size_t rawlen; + /* Find the header */ header = strstr(msg, "?OTR:"); if (!header) return NULL; @@@@ -75,8 +76,10 @@@@ static unsigned char *decode(const char footer = strchr(header, '.'); if (!footer) footer = header + strlen(header); - raw = malloc((footer-header) / 4 * 3); - if (raw == NULL && (footer-header >= 4)) return NULL; + rawlen = OTRL_B64_MAX_DECODED_SIZE(footer-header); + + raw = malloc(rawlen); + if (raw == NULL && rawlen > 0) return NULL; *lenp = otrl_base64_decode(raw, header, footer-header); return raw; @ 1.1 log @att patches from upstream to fix buffer overflow in the base64 decoder which can lead to crashes or potentially code injection (CVE-2012-3461) bump PKGREV @ text @d1 1 a1 1 $NetBSD$ @
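Review bot: In the second hunk, the bounds safety of `otrl_base64_decode(raw, header, footer-header)` depends on `rawlen` being derived from the same `footer-header` length through `OTRL_B64_MAX_DECODED_SIZE`, and nothing in the code states that invariant. The call passes no output size, so the allocation is the only thing keeping the decoder inside `raw`. The removed `(footer-header) / 4 * 3` rounded down, which is presumably the undersized case behind the overflow named in the log. I would add `/* raw must hold the decoder's worst-case output for this input length; size it with OTRL_B64_MAX_DECODED_SIZE, never a rounded-down len/4*3 */` above the `malloc` so a later cleanup does not reintroduce the short buffer. decode() begins above the first hunk and the lines between the two hunks are not shown, so how `header` is advanced before the length is taken cannot be confirmed from this page.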