pkgsrc-Bugs archive


pkg/24982: news/nntpclnt auth bugs



>Number:         24982
>Category:       pkg
>Synopsis:       news/nntpclnt auth bugs
>Confidential:   no
>Severity:       serious
>Priority:       high
>Responsible:    pkg-manager
>State:          open
>Class:          sw-bug
>Submitter-Id:   net
>Arrival-Date:   Wed Mar 31 00:05:00 UTC 2004
>Closed-Date:
>Last-Modified:
>Originator:     Gary Duzan
>Release:        NetBSD 1.6ZK, pkgsrc as of March 30, 2004
>Organization:
        Not Much
>Environment:
System: NetBSD capo 1.6ZK NetBSD 1.6ZK (CAPO) #5: Sun Feb 22 09:40:20 EST 2004 
gary@capo:/usr2/src/sys/arch/i386/compile/obj.i386/CAPO i386
Architecture: i386
Machine: i386
>Description:
        inews core dumps when it needs to authenticate with the server
        due to a sscanf() usage bug. After that is fixed, the host,
        username, and/or password can rather easily overflow the given
        buffer sizes, leading to authentication failure.
>How-To-Repeat:
        Try to post to a server requiring authentication.
>Fix:
diff -r -u -N nntpclnt/Makefile nntpclnt.new/Makefile
--- nntpclnt/Makefile   2003-07-17 18:52:09.000000000 -0400
+++ nntpclnt.new/Makefile       2004-03-30 08:45:55.000000000 -0500
@@ -1,7 +1,7 @@
 # $NetBSD: Makefile,v 1.20 2003/07/17 22:52:09 grant Exp $
 
 DISTNAME=      nntpclnt-1.6.1
-PKGREVISION=   3
+PKGREVISION=   4
 CATEGORIES=    news
 MASTER_SITES=  ftp://ftp.uu.net/networking/news/nntp/
 
diff -r -u -N nntpclnt/distinfo nntpclnt.new/distinfo
--- nntpclnt/distinfo   2002-09-18 02:28:05.000000000 -0400
+++ nntpclnt.new/distinfo       2004-03-30 08:44:43.000000000 -0500
@@ -4,3 +4,4 @@
 Size (nntpclnt-1.6.1.tar.gz) = 34369 bytes
 SHA1 (patch-aa) = 62bcf11bb2cb0b39baf8188816a039165e9e6338
 SHA1 (patch-ab) = 2cffb1a1eb68c7520bef6b81d41c924e5aa5be2c
+SHA1 (patch-ac) = 5b33e1012e5878b6537494667c5420c62ceb7d5d
diff -r -u -N nntpclnt/patches/patch-ac nntpclnt.new/patches/patch-ac
--- nntpclnt/patches/patch-ac   1969-12-31 19:00:00.000000000 -0500
+++ nntpclnt.new/patches/patch-ac       2004-03-30 08:40:55.000000000 -0500
@@ -0,0 +1,31 @@
+$NetBSD$
+
+--- postauth.c.orig    1994-08-11 17:37:52.000000000 -0400
++++ postauth.c 2004-03-30 08:33:59.000000000 -0500
+@@ -31,7 +31,7 @@
+ {
+       char authtype[NNTP_STRLEN];
+       int i, rcode;
+-      if((i = sscanf(response,"%d %s", rcode, authtype)) != 2)
++      if((i = sscanf(response,"%d %s", &rcode, authtype)) != 2)
+               return(-1);
+ #ifdef AUTHSIMPLE
+       if (!strcasecmp(authtype,"SIMPLE"))
+@@ -54,7 +54,7 @@
+ authsimple(host)
+ char * host;
+ {
+-      char remote[256], user[16], pass[16];
++      char remote[256], user[256], pass[256];
+       char buf[BUFSIZ];
+       int i;
+ 
+@@ -110,7 +110,7 @@
+ authold(host)
+ char *host;
+ {
+-      char remote[64], user[16], pass[16];
++      char remote[256], user[256], pass[256];
+       char buf[1024];
+       int i;
+ 
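Review bot: In the first postauth.c hunk, the corrected call sscanf(response,"%d %s", &rcode, authtype) still reads an unbounded %s into authtype[NNTP_STRLEN], so an over-long auth-type token in the server response can write past the array; give the conversion a field width one less than the array size, or check the token length before copying. In the authsimple and authold hunks, growing user and pass from 16 to 256 bytes (and remote from 64 to 256 in authold) only raises the limit: the statements that fill these arrays are outside the visible context, so confirm they are bounded to the new sizes and that over-long values are rejected with an error rather than relied on to fit.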
>Release-Note:
>Audit-Trail:
>Unformatted:
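An added example, not part of the original report or of nntpclnt: one way to parse the authentication response and copy the host, user and password fields with explicit bounds, rejecting over-long input instead of truncating it. The names parse_auth_response, copy_field and AUTHTYPE_MAX and the sample response line are assumptions made for this example.

```c
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define AUTHTYPE_MAX 32 /* assumed size for this example only */

/* Parse "<code> <auth-type>" from one response line.
 * Returns 0 on success, -1 if the line is malformed or the token would not
 * fit in authtype (rejected, not truncated). */
int parse_auth_response(const char *response, int *rcode,
                        char *authtype, size_t authtype_len)
{
    char *end;
    long code;
    size_t n;
    if (!response || !rcode || !authtype || authtype_len == 0)
        return -1;
    errno = 0;
    code = strtol(response, &end, 10);
    if (end == response || errno != 0 || code < 100 || code > 599)
        return -1;
    if (*end != ' ' && *end != '\t')      /* code must be followed by a token */
        return -1;
    end += strspn(end, " \t");
    n = strcspn(end, " \t\r\n");          /* length of the auth-type token */
    if (n == 0 || n >= authtype_len)
        return -1;
    memcpy(authtype, end, n);
    authtype[n] = '\0';
    *rcode = (int)code;
    return 0;
}

/* Copy a host, user or password string only if it fits, terminator included. */
int copy_field(char *dst, size_t dst_len, const char *src)
{
    size_t n = strlen(src);
    if (n >= dst_len)
        return -1;
    memcpy(dst, src, n + 1);
    return 0;
}

int main(void)
{
    char type[AUTHTYPE_MAX];
    int rc; /* the sample line below is constructed, not captured */
    if (parse_auth_response("380 SIMPLE\r\n", &rc, type, sizeof type) == 0)
        printf("code=%d type=%s\n", rc, type);
    return 0;
}
```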


