diff options
Diffstat (limited to 'gnome-extra/evolution-data-server/files/evolution-data-server-2.24.5-CVE-2009-0547.patch')
-rw-r--r-- | gnome-extra/evolution-data-server/files/evolution-data-server-2.24.5-CVE-2009-0547.patch | 105 |
1 files changed, 105 insertions, 0 deletions
diff --git a/gnome-extra/evolution-data-server/files/evolution-data-server-2.24.5-CVE-2009-0547.patch b/gnome-extra/evolution-data-server/files/evolution-data-server-2.24.5-CVE-2009-0547.patch new file mode 100644 index 000000000000..b527c8021ba1 --- /dev/null +++ b/gnome-extra/evolution-data-server/files/evolution-data-server-2.24.5-CVE-2009-0547.patch @@ -0,0 +1,105 @@ +diff --exclude-from=/home/dang/.scripts/diffrc -up -ruN evolution-data-server-2.24.5.orig/camel/camel-smime-context.c evolution-data-server-2.24.5/camel/camel-smime-context.c +--- evolution-data-server-2.24.5.orig/camel/camel-smime-context.c 2008-09-22 06:53:58.000000000 -0400 ++++ evolution-data-server-2.24.5/camel/camel-smime-context.c 2009-03-07 14:52:57.000000000 -0500 +@@ -40,6 +40,7 @@ + #include <smime.h> + #include <pkcs11t.h> + #include <pk11func.h> ++#include <secoid.h> + + #include <errno.h> + +@@ -534,6 +535,7 @@ sm_verify_cmsg(CamelCipherContext *conte + for (i = 0; i < count; i++) { + NSSCMSContentInfo *cinfo = NSS_CMSMessage_ContentLevel(cmsg, i); + SECOidTag typetag = NSS_CMSContentInfo_GetContentTypeTag(cinfo); ++ int which_digest; + + switch (typetag) { + case SEC_OID_PKCS7_SIGNED_DATA: +@@ -543,44 +545,49 @@ sm_verify_cmsg(CamelCipherContext *conte + goto fail; + } + +- /* need to build digests of the content */ +- if (!NSS_CMSSignedData_HasDigests(sigd)) { +- if (extstream == NULL) { +- camel_exception_set (ex, CAMEL_EXCEPTION_SYSTEM, _("Digests missing from enveloped data")); +- goto fail; +- } +- +- if ((poolp = PORT_NewArena(1024)) == NULL) { +- camel_exception_set (ex, CAMEL_EXCEPTION_SYSTEM, g_strerror (ENOMEM)); +- goto fail; +- } +- +- digestalgs = NSS_CMSSignedData_GetDigestAlgs(sigd); +- +- digcx = NSS_CMSDigestContext_StartMultiple(digestalgs); +- if (digcx == NULL) { +- camel_exception_set (ex, CAMEL_EXCEPTION_SYSTEM, _("Cannot calculate digests")); +- goto fail; +- } +- +- mem = (CamelStreamMem *)camel_stream_mem_new(); +- camel_stream_write_to_stream(extstream, (CamelStream *)mem); +- NSS_CMSDigestContext_Update(digcx, mem->buffer->data, mem->buffer->len); +- camel_object_unref(mem); +- +- if (NSS_CMSDigestContext_FinishMultiple(digcx, poolp, &digests) != SECSuccess) { +- camel_exception_set (ex, CAMEL_EXCEPTION_SYSTEM, _("Cannot calculate digests")); +- goto fail; +- } +- +- if (NSS_CMSSignedData_SetDigests(sigd, digestalgs, digests) != SECSuccess) { +- camel_exception_set (ex, CAMEL_EXCEPTION_SYSTEM, _("Cannot set message digests")); +- goto fail; +- } + +- PORT_FreeArena(poolp, PR_FALSE); +- poolp = NULL; ++ if (extstream == NULL) { ++ camel_exception_set (ex, CAMEL_EXCEPTION_SYSTEM, _("Digests missing from enveloped data")); ++ goto fail; ++ } ++ ++ if ((poolp = PORT_NewArena(1024)) == NULL) { ++ camel_exception_set (ex, CAMEL_EXCEPTION_SYSTEM, g_strerror (ENOMEM)); ++ goto fail; + } ++ ++ digestalgs = NSS_CMSSignedData_GetDigestAlgs(sigd); ++ ++ digcx = NSS_CMSDigestContext_StartMultiple(digestalgs); ++ if (digcx == NULL) { ++ camel_exception_set (ex, CAMEL_EXCEPTION_SYSTEM, _("Cannot calculate digests")); ++ goto fail; ++ } ++ ++ mem = (CamelStreamMem *)camel_stream_mem_new(); ++ camel_stream_write_to_stream(extstream, (CamelStream *)mem); ++ NSS_CMSDigestContext_Update(digcx, mem->buffer->data, mem->buffer->len); ++ camel_object_unref(mem); ++ ++ if (NSS_CMSDigestContext_FinishMultiple(digcx, poolp, &digests) != SECSuccess) { ++ camel_exception_set (ex, CAMEL_EXCEPTION_SYSTEM, _("Cannot calculate digests")); ++ goto fail; ++ } ++ ++ for (which_digest = 0; digests[which_digest] != NULL; which_digest++) { ++ SECOidData *digest_alg = SECOID_FindOID (&digestalgs[which_digest]->algorithm); ++ if (digest_alg == NULL) { ++ camel_exception_set (ex, CAMEL_EXCEPTION_SYSTEM, _("Cannot set message digests")); ++ goto fail; ++ } ++ if (NSS_CMSSignedData_SetDigestValue (sigd, digest_alg->offset, digests[which_digest]) != SECSuccess) { ++ camel_exception_set (ex, CAMEL_EXCEPTION_SYSTEM, _("Cannot set message digests")); ++ goto fail; ++ } ++ } ++ ++ PORT_FreeArena(poolp, PR_FALSE); ++ poolp = NULL; + + /* import all certificates present */ + if (NSS_CMSSignedData_ImportCerts(sigd, p->certdb, certUsageEmailSigner, PR_TRUE) != SECSuccess) { |