File netatalk-CVE-2024-38439,38440,38441.patch of Package netatalk.34547

Index: netatalk-3.1.18/etc/afpd/auth.c
===================================================================
--- netatalk-3.1.18.orig/etc/afpd/auth.c
+++ netatalk-3.1.18/etc/afpd/auth.c
@@ -616,6 +616,9 @@ int afp_login(AFPObj *obj, char *ibuf, s
     if (ibuflen < 2)
         return send_reply(obj, AFPERR_BADVERS );
 
+    if (ibuf == NULL)
+        return send_reply(obj, AFPERR_PARAM);
+
     ibuf++;
     len = (unsigned char) *ibuf++;
     ibuflen -= 2;
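Review bot: The `ibuf == NULL` guard in afp_login is added per handler (the same three lines are added to afp_login_ext in the next hunk), so it protects only these two entry points. If a NULL `ibuf` can reach handlers from the command dispatcher, which is not visible in this patch, other handlers taking `ibuf` would presumably need the same test, and a single check at the dispatch site would be easier to audit. A one-line comment above the test, such as `/* reject a missing request buffer before the first dereference below */`, would record why it exists. The body of afp_login starts and ends outside the hunk.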
@@ -670,6 +673,9 @@ int afp_login_ext(AFPObj *obj, char *ibu
     if (ibuflen < 5)
         return send_reply(obj, AFPERR_BADVERS );
 
+    if (ibuf == NULL)
+        return send_reply(obj, AFPERR_PARAM);
+
     ibuf++;
     ibuf++;     /* pad  */
     ibuf +=2;   /* flag */
@@ -757,6 +763,10 @@ int afp_login_ext(AFPObj *obj, char *ibu
         return send_reply(obj, AFPERR_PARAM);
     }
 #endif
+    if (ibuflen < len) {
+        LOG(log_error, logtype_afpd, "login_ext: Login failed. Invalid directory service name!" );
+        return send_reply(obj, AFPERR_PARAM);
+    }
     ibuf += len;
     ibuflen -= len;
 
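Review bot: The new rejection path in afp_login_ext logs a fixed string, so the log does not show how `len` compared with the remaining `ibuflen`. Including both values in the `LOG` call would make malformed login requests easier to triage and to alert on. The declarations of `len` and `ibuflen` are outside the hunk, so the format specifiers have to be chosen against their actual types. The placement of the test, directly before `ibuf += len; ibuflen -= len;`, is the right spot for it.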
Index: netatalk-3.1.18/etc/afpd/directory.c
===================================================================
--- netatalk-3.1.18.orig/etc/afpd/directory.c
+++ netatalk-3.1.18/etc/afpd/directory.c
@@ -2507,6 +2507,9 @@ int afp_mapname(AFPObj *obj, char *ibuf,
         return( AFPERR_PARAM );
     }
 
+    if (len >= ibuflen - 1)
+        return AFPERR_PARAM;
+
     ibuf[ len ] = '\0';
 
     if ( len == 0 )
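Review bot: The bound `len >= ibuflen - 1` in afp_mapname misbehaves for `ibuflen == 0` if `ibuflen` is an unsigned type (its declaration is cut off in the hunk header): the subtraction wraps to a very large value and every `len` passes. Guarding the subtraction avoids that, e.g. `if (ibuflen < 2 || len >= ibuflen - 1)`. It is also worth confirming that `ibuflen` at this point counts only the bytes remaining from the current `ibuf`. If `ibuf` was advanced over header fields earlier in the function without `ibuflen` being reduced, `ibuf[ len ] = '\0'` can still land past the end of the request. The function body starts and ends outside the hunk.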
Index: netatalk-3.1.18/etc/uams/uams_dhx_pam.c
===================================================================
--- netatalk-3.1.18.orig/etc/uams/uams_dhx_pam.c
+++ netatalk-3.1.18/etc/uams/uams_dhx_pam.c
@@ -683,6 +683,8 @@ static int pam_changepw(void *obj, char
     /* Set these things up for the conv function. the old password
      * is at the end. */
     ibuf += KEYSIZE;
+    if (ibuflen <= PASSWDLEN + PASSWDLEN)
+        return AFPERR_PARAM;
     ibuf[PASSWDLEN + PASSWDLEN] = '\0';
     PAM_password = ibuf + PASSWDLEN;
 
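Review bot: In pam_changepw the new test compares `ibuflen` with `PASSWDLEN + PASSWDLEN` immediately after `ibuf += KEYSIZE`, and no matching reduction of `ibuflen` is visible in the hunk. Unless `ibuflen` was already adjusted before these lines, the write to `ibuf[PASSWDLEN + PASSWDLEN]` also needs the `KEYSIZE` bytes that were skipped, so the guard would be `if (ibuflen <= KEYSIZE + PASSWDLEN + PASSWDLEN)`. The same question applies to the `ibuflen <= PASSWDLEN` test in the next hunk of this file, which is also implied by this one if `ibuflen` is unchanged in between. Both tests return directly; whether state set up earlier in the function needs releasing on these paths cannot be seen from the hunks.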
@@ -713,6 +715,8 @@ static int pam_changepw(void *obj, char
 
     /* new password */
     PAM_password = ibuf;
+    if (ibuflen <= PASSWDLEN)
+        return AFPERR_PARAM;
     ibuf[PASSWDLEN] = '\0';
 
     /* this really does need to be done as root */
Index: netatalk-3.1.18/etc/uams/uams_pam.c
===================================================================
--- netatalk-3.1.18.orig/etc/uams/uams_pam.c
+++ netatalk-3.1.18/etc/uams/uams_pam.c
@@ -142,6 +142,8 @@ static int login(void *obj, char *userna
 	hostname = NULL;
     }
     
+    if (ibuflen <= PASSWDLEN)
+        return AFPERR_PARAM;
     ibuf[ PASSWDLEN ] = '\0';
 
     if (( pwd = uam_getname(obj, username, ulen)) == NULL ) {
Index: netatalk-3.1.18/etc/uams/uams_passwd.c
===================================================================
--- netatalk-3.1.18.orig/etc/uams/uams_passwd.c
+++ netatalk-3.1.18/etc/uams/uams_passwd.c
@@ -66,7 +66,7 @@ static int pwd_login(void *obj, char *us
         return AFPERR_MISC;
 #endif /* TRU64 */
 
-    if (ibuflen < PASSWDLEN) {
+    if (ibuflen <= PASSWDLEN) {
         return( AFPERR_PARAM );
     }
     ibuf[ PASSWDLEN ] = '\0';
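Review bot: The `<=` in the pwd_login length test has no comment explaining why equality must be rejected, which makes it easy to "simplify" back to `<` later. The reason is that `ibuf[ PASSWDLEN ] = '\0'` writes at index PASSWDLEN and therefore needs PASSWDLEN + 1 bytes. I would add `/* terminator is written at ibuf[PASSWDLEN], so PASSWDLEN + 1 bytes are required */` above the test. The same comment fits the equivalent checks added in uams_pam.c and uams_dhx_pam.c.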
@@ -186,7 +186,7 @@ static int passwd_login_ext(void *obj, c
                              (void *) &username, &ulen) < 0)
         return AFPERR_MISC;
 
-    if (*uname != 3)
+    if (*uname != 3 || ibuflen < 2)
         return AFPERR_PARAM;
     uname++;
     memcpy(&temp16, uname, sizeof(temp16));
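Review bot: The added `ibuflen < 2` test in passwd_login_ext is evaluated only after `*uname` has already been read, and it bounds `ibuf` while the following `memcpy(&temp16, uname, sizeof(temp16))` reads from `uname`. Nothing visible in the hunk ties the size of the `uname` buffer to `ibuflen`, so it should be confirmed that this is the right length for the two-byte read. If it is, put the length test first, `if (ibuflen < 2 || *uname != 3)`, and add a comment saying which buffer `ibuflen` describes. The function continues outside the hunk.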