Removing old releases and adding a new one with sec fix.

3 files changed, 261 insertions, 1 deletions

diff --git a/net-im/jabberd/files/digest-jabberd-2.0-r1 b/net-im/jabberd/files/digest-jabberd-2.0-r1
deleted file mode 100644
index 171fd457b407..000000000000
--- a/net-im/jabberd/files/digest-jabberd-2.0-r1
+++ /dev/null
@@ -1 +0,0 @@
-MD5 c15f8f07cb2ee499cd21c0b883b9f353 jabberd-2.0s3.tar.gz 705819
diff --git a/net-im/jabberd/files/digest-jabberd-2.0-r2 b/net-im/jabberd/files/digest-jabberd-2.0-r2
new file mode 100644
index 000000000000..50ae0b1961c3
--- /dev/null
+++ b/net-im/jabberd/files/digest-jabberd-2.0-r2
@@ -0,0 +1 @@
+MD5 2682037fc177e1f3e7d7869cb3f59c1d jabberd-2.0s4.tar.gz 716819
diff --git a/net-im/jabberd/files/patch-c2s-buffers b/net-im/jabberd/files/patch-c2s-buffers
new file mode 100644
index 000000000000..91123566fa04
--- /dev/null
+++ b/net-im/jabberd/files/patch-c2s-buffers
@@ -0,0 +1,260 @@
+diff -ru c2sorig/authreg.c c2s/authreg.c
+--- c2sorig/authreg.c	Mon Nov 22 15:53:34 2004
++++ c2s/authreg.c	Mon Nov 22 20:06:25 2004
+@@ -623,7 +623,7 @@
+         log_write(c2s->log, LOG_NOTICE, "[%d] created user: user=%s; realm=%s", sess->s->tag, username, sess->realm);
+ 
+     /* extract the password */
+-    snprintf(password, 1024, "%.*s", NAD_CDATA_L(nad, elem), NAD_CDATA(nad, elem));
++    snprintf(password, 257, "%.*s", NAD_CDATA_L(nad, elem), NAD_CDATA(nad, elem));
+ 
+     /* change it */
+     if((c2s->ar->set_password)(c2s->ar, username, sess->realm, password) != 0)
+diff -ru c2sorig/authreg_mysql.c c2s/authreg_mysql.c
+--- c2sorig/authreg_mysql.c	Mon Nov 22 15:53:34 2004
++++ c2s/authreg_mysql.c	Mon Nov 22 16:55:37 2004
+@@ -24,6 +24,10 @@
+ 
+ #ifdef STORAGE_MYSQL
+ 
++#define MYSQL_LU  1024   /* maximum length of username - should correspond to field length */
++#define MYSQL_LR   256   /* maximum length of realm - should correspond to field length */
++#define MYSQL_LP   256   /* maximum length of password - should correspond to field length */
++
+ #include <mysql.h>
+ 
+ typedef struct mysqlcontext_st {
+@@ -42,7 +46,8 @@
+ static MYSQL_RES *_ar_mysql_get_user_tuple(authreg_t ar, char *username, char *realm) {
+     mysqlcontext_t ctx = (mysqlcontext_t) ar->private;
+     MYSQL *conn = ctx->conn;
+-    char euser[2049], erealm[2049], sql[5121];  /* query(1024) + euser(2048) + erealm(2048) + \0(1) */
++    char iuser[MYSQL_LU+1], irealm[MYSQL_LR+1];
++    char euser[MYSQL_LU*2+1], erealm[MYSQL_LR*2+1], sql[1024 + MYSQL_LU*2 + MYSQL_LR*2 + 1];  /* query(1024) + euser + erealm + \0(1) */
+     MYSQL_RES *res;
+     
+     if(mysql_ping(conn) != 0) {
+@@ -50,8 +55,11 @@
+         return NULL;
+     }
+ 
+-    mysql_real_escape_string(conn, euser, username, strlen(username));
+-    mysql_real_escape_string(conn, erealm, realm, strlen(realm));
++    snprintf(iuser, MYSQL_LU+1, "%s", username);
++    snprintf(irealm, MYSQL_LR+1, "%s", realm);
++
++    mysql_real_escape_string(conn, euser, iuser, strlen(iuser));
++    mysql_real_escape_string(conn, erealm, irealm, strlen(irealm));
+ 
+     sprintf(sql, ctx->sql_select, euser, erealm);
+ 
+@@ -127,15 +135,21 @@
+ static int _ar_mysql_set_password(authreg_t ar, char *username, char *realm, char password[257]) {
+     mysqlcontext_t ctx = (mysqlcontext_t) ar->private;
+     MYSQL *conn = ctx->conn;
+-    char euser[2049], erealm[2049], epass[513], sql[5633];  /* query(1024) + euser(2048) + erealm(2048) + epass(512) + \0(1) */
++    char iuser[MYSQL_LU+1], irealm[MYSQL_LR+1];
++    char euser[MYSQL_LU*2+1], erealm[MYSQL_LR*2+1], epass[513], sql[1024+MYSQL_LU*2+MYSQL_LR*2+512+1];  /* query(1024) + euser + erealm + epass(512) + \0(1) */
+ 
+     if(mysql_ping(conn) != 0) {
+         log_write(ar->c2s->log, LOG_ERR, "mysql: connection to database lost");
+         return 1;
+     }
+ 
+-    mysql_real_escape_string(conn, euser, username, strlen(username));
+-    mysql_real_escape_string(conn, erealm, realm, strlen(realm));
++    snprintf(iuser, MYSQL_LU+1, "%s", username);
++    snprintf(irealm, MYSQL_LR+1, "%s", realm);
++
++    password[256]= '\0';
++
++    mysql_real_escape_string(conn, euser, iuser, strlen(iuser));
++    mysql_real_escape_string(conn, erealm, irealm, strlen(irealm));
+     mysql_real_escape_string(conn, epass, password, strlen(password));
+ 
+     sprintf(sql, ctx->sql_setpassword, epass, euser, erealm);
+@@ -195,15 +209,19 @@
+ static int _ar_mysql_set_zerok(authreg_t ar, char *username, char *realm, char hash[41], char token[11], int sequence) {
+     mysqlcontext_t ctx = (mysqlcontext_t) ar->private;
+     MYSQL *conn = ctx->conn;
+-    char euser[2049], erealm[2049], ehash[81], etoken[21], sql[5233]; /* query(1024) + euser(2048) + erealm(2048) + ehash(80) + etoken(20) + sequence(12) + \0(1) */
++    char iuser[MYSQL_LU+1], irealm[MYSQL_LR+1];
++    char euser[MYSQL_LU*2+1], erealm[MYSQL_LR*2+1], ehash[81], etoken[21], sql[1024+MYSQL_LU*2+MYSQL_LR*2+80+20+12+1]; /* query(1024) + euser + erealm + ehash(80) + etoken(20) + sequence(12) + \0(1) */
+ 
+     if(mysql_ping(conn) != 0) {
+         log_write(ar->c2s->log, LOG_ERR, "mysql: connection to database lost");
+         return 1;
+     }
+ 
+-    mysql_real_escape_string(conn, euser, username, strlen(username));
+-    mysql_real_escape_string(conn, erealm, realm, strlen(realm));
++    snprintf(iuser, MYSQL_LU+1, "%s", username);
++    snprintf(irealm, MYSQL_LR+1, "%s", realm);
++
++    mysql_real_escape_string(conn, euser, iuser, strlen(iuser));
++    mysql_real_escape_string(conn, erealm, irealm, strlen(irealm));
+     mysql_real_escape_string(conn, ehash, hash, strlen(hash));
+     mysql_real_escape_string(conn, etoken, token, strlen(token));
+ 
+@@ -222,7 +240,8 @@
+ static int _ar_mysql_create_user(authreg_t ar, char *username, char *realm) {
+     mysqlcontext_t ctx = (mysqlcontext_t) ar->private;
+     MYSQL *conn = ctx->conn;
+-    char euser[2049], erealm[2049], sql[5121];    /* query(1024) + euser(2048) + erealm(2048) + \0(1) */
++    char iuser[MYSQL_LU+1], irealm[MYSQL_LR+1];
++    char euser[MYSQL_LU*2+1], erealm[MYSQL_LR*2+1], sql[1024+MYSQL_LU*2+MYSQL_LR*2+1];    /* query(1024) + euser + erealm + \0(1) */
+     MYSQL_RES *res = _ar_mysql_get_user_tuple(ar, username, realm);
+ 
+     if(res != NULL) {
+@@ -237,8 +256,11 @@
+         return 1;
+     }
+ 
+-    mysql_real_escape_string(conn, euser, username, strlen(username));
+-    mysql_real_escape_string(conn, erealm, realm, strlen(realm));
++    snprintf(iuser, MYSQL_LU+1, "%s", username);
++    snprintf(irealm, MYSQL_LR+1, "%s", realm);
++
++    mysql_real_escape_string(conn, euser, iuser, strlen(iuser));
++    mysql_real_escape_string(conn, erealm, irealm, strlen(irealm));
+ 
+     sprintf(sql, ctx->sql_create, euser, erealm);
+ 
+@@ -255,15 +277,19 @@
+ static int _ar_mysql_delete_user(authreg_t ar, char *username, char *realm) {
+     mysqlcontext_t ctx = (mysqlcontext_t) ar->private;
+     MYSQL *conn = ctx->conn;
+-    char euser[2049], erealm[2049], sql[5121];    /* query(1024) + euser(2048) + erealm(2048) + \0(1) */
++    char iuser[MYSQL_LU+1], irealm[MYSQL_LR+1];
++    char euser[MYSQL_LU*2+1], erealm[MYSQL_LR*2+1], sql[1024+MYSQL_LU*2+MYSQL_LR*2+1];    /* query(1024) + euser + erealm + \0(1) */
+ 
+     if(mysql_ping(conn) != 0) {
+         log_write(ar->c2s->log, LOG_ERR, "mysql: connection to database lost");
+         return 1;
+     }
+ 
+-    mysql_real_escape_string(conn, euser, username, strlen(username));
+-    mysql_real_escape_string(conn, erealm, realm, strlen(realm));
++    snprintf(iuser, MYSQL_LU+1, "%s", username);
++    snprintf(irealm, MYSQL_LR+1, "%s", realm);
++
++    mysql_real_escape_string(conn, euser, iuser, strlen(iuser));
++    mysql_real_escape_string(conn, erealm, irealm, strlen(irealm));
+ 
+     sprintf(sql, ctx->sql_delete, euser, erealm);
+ 
+diff -ru c2sorig/authreg_pgsql.c c2s/authreg_pgsql.c
+--- c2sorig/authreg_pgsql.c	Mon Nov 22 15:53:34 2004
++++ c2s/authreg_pgsql.c	Mon Nov 22 16:52:20 2004
+@@ -26,6 +26,10 @@
+ 
+ #include <libpq-fe.h>
+ 
++#define PGSQL_LU  1024   /* maximum length of username - should correspond to field length */
++#define PGSQL_LR   256   /* maximum length of realm - should correspond to field length */
++#define PGSQL_LP   256   /* maximum length of password - should correspond to field length */
++
+ typedef struct pgsqlcontext_st {
+   PGconn * conn;
+   char * sql_create;
+@@ -42,11 +46,16 @@
+ static PGresult *_ar_pgsql_get_user_tuple(authreg_t ar, char *username, char *realm) {
+     pgsqlcontext_t ctx = (pgsqlcontext_t) ar->private;
+     PGconn *conn = ctx->conn;
+-    char euser[2049], erealm[2049], sql[5121];  /* query(1024) + euser(2048) + erealm(2048) + \0(1) */
++
++    char iuser[PGSQL_LU+1], irealm[PGSQL_LR+1];
++    char euser[PGSQL_LU*2+1], erealm[PGSQL_LR*2+1], sql[1024+PGSQL_LU*2+PGSQL_LR*2+1];  /* query(1024) + euser + erealm + \0(1) */
+     PGresult *res;
+ 
+-    PQescapeString(euser, username, strlen(username));
+-    PQescapeString(erealm, realm, strlen(realm));
++    snprintf(iuser, PGSQL_LU+1, "%s", username);
++    snprintf(irealm, PGSQL_LR+1, "%s", realm);
++
++    PQescapeString(euser, iuser, strlen(iuser));
++    PQescapeString(erealm, irealm, strlen(irealm));
+ 
+     sprintf(sql, ctx->sql_select, euser, erealm);
+ 
+@@ -114,11 +123,15 @@
+ static int _ar_pgsql_set_password(authreg_t ar, char *username, char *realm, char password[257]) {
+     pgsqlcontext_t ctx = (pgsqlcontext_t) ar->private;
+     PGconn *conn = ctx->conn;
+-    char euser[2049], erealm[2049], epass[513], sql[5633];  /* query(1024) + euser(2048) + erealm(2048) + epass(512) + \0(1) */
++    char iuser[PGSQL_LU+1], irealm[PGSQL_LR+1];
++    char euser[PGSQL_LU*2+1], erealm[PGSQL_LR*2+1], epass[513], sql[1024+PGSQL_LU*2+PGSQL_LR*2+512+1];  /* query(1024) + euser + erealm + epass(512) + \0(1) */
+     PGresult *res;
+ 
+-    PQescapeString(euser, username, strlen(username));
+-    PQescapeString(erealm, realm, strlen(realm));
++    snprintf(iuser, PGSQL_LU+1, "%s", username);
++    snprintf(irealm, PGSQL_LR+1, "%s", realm);
++
++    PQescapeString(euser, iuser, strlen(iuser));
++    PQescapeString(erealm, irealm, strlen(irealm));
+     PQescapeString(epass, password, strlen(password));
+ 
+     sprintf(sql, ctx->sql_setpassword, epass, euser, erealm);
+@@ -177,11 +190,15 @@
+ static int _ar_pgsql_set_zerok(authreg_t ar, char *username, char *realm, char hash[41], char token[11], int sequence) {
+     pgsqlcontext_t ctx = (pgsqlcontext_t) ar->private;
+     PGconn *conn = ctx->conn;
+-    char euser[2049], erealm[2049], ehash[81], etoken[21], sql[5233]; /* query(1024) + euser(2048) + erealm(2048) + ehash(80) + etoken(20) + sequence(12) + \0(1) */
++    char iuser[PGSQL_LU+1], irealm[PGSQL_LR+1];
++    char euser[PGSQL_LU*2+1], erealm[PGSQL_LR*2+1], ehash[81], etoken[21], sql[1024 + PGSQL_LU*2 + PGSQL_LR*2 + 80 + 20 + 12 + 1]; /* query(1024) + euser + erealm + ehash(80) + etoken(20) + sequence(12) + \0(1) */
+     PGresult *res;
+ 
+-    PQescapeString(euser, username, strlen(username));
+-    PQescapeString(erealm, realm, strlen(realm));
++    snprintf(iuser, PGSQL_LU+1, "%s", username);
++    snprintf(irealm, PGSQL_LR+1, "%s", realm);
++
++    PQescapeString(euser, iuser, strlen(iuser));
++    PQescapeString(erealm, irealm, strlen(irealm));
+     PQescapeString(ehash, hash, strlen(hash));
+     PQescapeString(etoken, token, strlen(token));
+ 
+@@ -210,7 +227,8 @@
+ static int _ar_pgsql_create_user(authreg_t ar, char *username, char *realm) {
+     pgsqlcontext_t ctx = (pgsqlcontext_t) ar->private;
+     PGconn *conn = ctx->conn;
+-    char euser[2049], erealm[2049], sql[5121];    /* query(1024) + euser(2048) + erealm(2048) + \0(1) */
++    char iuser[PGSQL_LU+1], irealm[PGSQL_LR+1];
++    char euser[PGSQL_LU*2+1], erealm[PGSQL_LR*2+1], sql[1024+PGSQL_LU*2+PGSQL_LR*2+1];  /* query(1024) + euser + erealm + \0(1) */
+     PGresult *res;
+ 
+     res = _ar_pgsql_get_user_tuple(ar, username, realm);
+@@ -221,8 +239,11 @@
+ 
+     PQclear(res);
+ 
+-    PQescapeString(euser, username, strlen(username));
+-    PQescapeString(erealm, realm, strlen(realm));
++    snprintf(iuser, PGSQL_LU+1, "%s", username);
++    snprintf(irealm, PGSQL_LR+1, "%s", realm);
++
++    PQescapeString(euser, iuser, strlen(iuser));
++    PQescapeString(erealm, irealm, strlen(irealm));
+ 
+     sprintf(sql, ctx->sql_create, euser, erealm);
+ 
+@@ -249,11 +270,15 @@
+ static int _ar_pgsql_delete_user(authreg_t ar, char *username, char *realm) {
+     pgsqlcontext_t ctx = (pgsqlcontext_t) ar->private;
+     PGconn *conn = ctx->conn;
+-    char euser[2049], erealm[2049], sql[5121];    /* query(1024) + euser(2048) + erealm(2048) + \0(1) */
++    char iuser[PGSQL_LU+1], irealm[PGSQL_LR+1];
++    char euser[PGSQL_LU*2+1], erealm[PGSQL_LR*2+1], sql[1024+PGSQL_LU*2+PGSQL_LR*2+1];    /* query(1024) + euser + erealm + \0(1) */
+     PGresult *res;
+ 
+-    PQescapeString(euser, username, strlen(username));
+-    PQescapeString(erealm, realm, strlen(realm));
++    snprintf(iuser, PGSQL_LU+1, "%s", username);
++    snprintf(irealm, PGSQL_LR+1, "%s", realm);
++
++    PQescapeString(euser, iuser, strlen(iuser));
++    PQescapeString(erealm, irealm, strlen(irealm));
+ 
+     sprintf(sql, ctx->sql_delete, euser, erealm);
+