Overview

File inn-linereset.diff of Package inn

--- ./nnrpd/line.c.orig	2010-03-24 20:10:36.000000000 +0000
+++ ./nnrpd/line.c	2012-09-04 15:41:37.000000000 +0000
@@ -67,6 +67,17 @@ line_init(struct line *line)
 }
 
 /*
+**  Reset a line structure
+*/
+void
+line_reset(struct line *line)
+{
+    assert(line);
+    line->where = line->start;
+    line->remaining = 0;
+}
+
+/*
 **  Timeout is used only if HAVE_SSL is defined.
 */
 static ssize_t
--- ./nnrpd/misc.c.orig	2010-03-24 20:10:36.000000000 +0000
+++ ./nnrpd/misc.c	2012-09-04 15:43:19.000000000 +0000
@@ -518,5 +518,8 @@ CMDstarttls(int ac UNUSED, char *av[] UN
         GRPcount = 0;
         PERMgroupmadeinvalid = false;
     }
+
+    /* Reset our read buffer so as to prevent plaintext command injection. */
+    line_reset(&NNTPline);
 }
 #endif /* HAVE_SSL */
--- ./nnrpd/nnrpd.h.orig	2010-03-24 20:10:36.000000000 +0000
+++ ./nnrpd/nnrpd.h	2012-09-04 15:42:15.000000000 +0000
@@ -292,6 +292,7 @@ void PY_dynamic_init (char* file);
 
 void line_free(struct line *);
 void line_init(struct line *);
+void line_reset(struct line *);
 READTYPE line_read(struct line *, int, const char **, size_t *, size_t *);
 
 #ifdef HAVE_SASL
--- ./nnrpd/sasl.c.orig	2012-09-04 15:43:27.000000000 +0000
+++ ./nnrpd/sasl.c	2012-09-04 15:44:22.000000000 +0000
@@ -326,6 +326,9 @@ SASLauth(int ac, char *av[])
                 GRPcount = 0;
                 PERMgroupmadeinvalid = false;
             }
+
+            /* Reset our read buffer so as to prevent plaintext command injection. */
+            line_reset(&NNTPline);
         }
     } else {
 	/* Failure. */
openSUSE Build Service is sponsored by
Places