diff mbox series

[meta-networking,scarthgap,2/6] fetchmail: patch CVE-2025-61962

Message ID 20251216071537.3174578-2-ankur.tyagi85@gmail.com
State New
Headers show
Series [meta-networking,scarthgap,1/6] civetweb: patch CVE-2025-9648 | expand

Commit Message

Ankur Tyagi Dec. 16, 2025, 7:15 a.m. UTC 
From: Ankur Tyagi <ankur.tyagi85@gmail.com>

Details https://nvd.nist.gov/vuln/detail/CVE-2025-61962

Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com>
---
 .../fetchmail/fetchmail/CVE-2025-61962.patch  | 51 +++++++++++++++++++
 .../fetchmail/fetchmail_6.4.38.bb             |  1 +
 2 files changed, 52 insertions(+)
 create mode 100644 meta-networking/recipes-support/fetchmail/fetchmail/CVE-2025-61962.patch
diff mbox series

Patch

diff --git a/meta-networking/recipes-support/fetchmail/fetchmail/CVE-2025-61962.patch b/meta-networking/recipes-support/fetchmail/fetchmail/CVE-2025-61962.patch
new file mode 100644
index 0000000000..e7555021e4
--- /dev/null
+++ b/meta-networking/recipes-support/fetchmail/fetchmail/CVE-2025-61962.patch
@@ -0,0 +1,51 @@ 
+From 7860cf0689f8bd828bdd6e7116c6670416ead6d7 Mon Sep 17 00:00:00 2001
+From: Matthias Andree <matthias.andree@gmx.de>
+Date: Fri, 3 Oct 2025 13:11:59 +0200
+Subject: [PATCH] Security fix: avoid NULL+1 deref on invalid AUTH reply
+
+When fetchmail receives a 334 reply from the SMTP server
+that does not contain the mandated blank after that response
+code, it will attempt reading from memory location 1, which
+will usually lead to a crash.
+
+The simpler fix would have been to check for four bytes "334 "
+instead of three bytes "334" but that would make malformed
+replies and those that don't match the expected reply code
+indistinguishable.
+
+CVE: CVE-2025-61962
+Upstream-Status: Backport [https://gitlab.com/fetchmail/fetchmail/-/commit/4c3cebfa4e659fb778ca2cae0ccb3f69201609a8]
+(cherry picked from commit 4c3cebfa4e659fb778ca2cae0ccb3f69201609a8)
+Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com>
+---
+ smtp.c | 10 ++++++++++
+ 1 file changed, 10 insertions(+)
+
+diff --git a/smtp.c b/smtp.c
+index 8295c49a..9a89ef09 100644
+--- a/smtp.c
++++ b/smtp.c
+@@ -92,6 +92,11 @@ static void SMTP_auth(int sock, char smtp_mode, char *username, char *password,
+ 		}
+ 
+ 		p = strchr(tmp, ' ');
++		if (!p) {
++			report(stderr, "%s: \"%s\"\n", GT_("Malformed server reply"), visbuf(tmp));
++			SMTP_auth_error(sock, "");
++			return;
++		}
+ 		p++;
+ 		/* (hmh) from64tobits will not NULL-terminate strings! */
+ 		if (from64tobits(b64buf, p, sizeof(b64buf) - 1) <= 0) {
+@@ -145,6 +150,11 @@ static void SMTP_auth(int sock, char smtp_mode, char *username, char *password,
+ 		}
+ 
+ 		p = strchr(tmp, ' ');
++		if (!p) {
++			report(stderr, "%s: \"%s\"\n", GT_("Malformed server reply"), visbuf(tmp));
++			SMTP_auth_error(sock, "");
++			return;
++		}
+ 		p++;
+ 		if (from64tobits(b64buf, p, sizeof(b64buf) - 1) <= 0) {
+ 			SMTP_auth_error(sock, GT_("Bad base64 reply from server.\n"));
diff --git a/meta-networking/recipes-support/fetchmail/fetchmail_6.4.38.bb b/meta-networking/recipes-support/fetchmail/fetchmail_6.4.38.bb
index cc23d5a34e..6474cabd51 100644
--- a/meta-networking/recipes-support/fetchmail/fetchmail_6.4.38.bb
+++ b/meta-networking/recipes-support/fetchmail/fetchmail_6.4.38.bb
@@ -11,6 +11,7 @@  LIC_FILES_CHKSUM = "file://COPYING;md5=ee6b9f41d9324434dd11bd8a38f1b044"
 DEPENDS = "openssl"
 
 SRC_URI = "${SOURCEFORGE_MIRROR}/${BPN}/${BPN}-${PV}.tar.xz \
+           file://CVE-2025-61962.patch \
            "
 SRC_URI[sha256sum] = "a6cb4ea863ac61d242ffb2db564a39123761578d3e40d71ce7b6f2905be609d9"