Bug 731342

Summary: mailx: lzw decompressor issues
Product: Fedora
Component: mailx
Version: rawhide
Status: CLOSED RAWHIDE
Severity: low
Priority: low
Reporter: Tomas Hoger <thoger>
Assignee: Dmitry Butskoy <dmitry>
QA Contact: Fedora Extras Quality Assurance <extras-qa>
CC: dmitry, pschiffe
Hardware: Unspecified
OS: Unspecified
Doc Type: Bug Fix
Last Closed: 2011-08-17 13:11:56 UTC
Attachments:
The patch I am going to apply (attachment 518669), flags: none
The actual patch applied (attachment 518677), flags: none

Description Tomas Hoger 2011-08-17 11:58:28 UTC
Description of problem:
A flaw was discovered in the LZW decompressor code from BSD compress, that is re-used by several projects, including heirloom mailx / nail, see bug #727624 for the details about the issues.

While the bug had security implications for some components embedding the code, it should only be used on trusted inputs in mailx (the IMAP cache and the spam filter database that mailx itself creates).

It's unclear to me if upstream is still active or not, CVS stats suggest there was no upstream activity for almost a year.  If the patch is prepared, please submit upstream as well.

mailx unlzw code comes from FreeBSD, which does not have a fix yet.  The problem seems to have been addressed in OpenBSD and NetBSD:

http://www.openbsd.org/cgi-bin/cvsweb/src/usr.bin/compress/zopen.c#rev1.17

http://cvsweb.netbsd.org/bsdweb.cgi/src/usr.bin/compress/zopen.c#rev1.14
http://cvsweb.netbsd.org/bsdweb.cgi/src/usr.bin/compress/zopen.c#rev1.15

The second NetBSD fix is probably preferred, as it's more efficient.
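As an added illustration, not code from mailx, from BSD compress or from the patches attached to this bug: a minimal decoder for an already-unpacked stream of compress(1)-style LZW codes (the bit-unpacking and growing code width are left out). The description above does not say what the flaw is, so the two guards shown here, rejecting a code more than one past the end of the table and bounding the prefix-walk stack and the output buffer, are the general validity conditions for this decoder family, and this page does not say which of them the referenced revisions add. The code streams in the demo functions are constructed by hand; 259 in the first one is the KwKwK case (a code equal to the next free entry), which is legal and must still decode.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define LZW_CLEAR    256    /* compress(1) reserves this code for a table reset */
#define LZW_FIRST    257    /* first dynamically assigned code */
#define LZW_MAXCODES 4096   /* 12-bit codes, as for compress -b 12 */

enum { LZW_E_BADCODE = -1, LZW_E_STACK = -2, LZW_E_OUTPUT = -3 };

/* Decodes ncodes unpacked codes into out. Returns the number of bytes
 * written, or a negative LZW_E_* value on a malformed stream. */
long lzw_decode(const uint16_t *codes, size_t ncodes, uint8_t *out, size_t outcap)
{
    uint16_t prefix[LZW_MAXCODES];   /* prefix code of each table entry */
    uint8_t  suffix[LZW_MAXCODES];   /* last byte of each table entry */
    uint8_t  stack[LZW_MAXCODES];    /* one decoded string, in reverse */
    size_t   outlen = 0;
    int free_ent = LZW_FIRST;
    int oldcode = -1;                /* -1: no previous code (start / after CLEAR) */
    int finchar = 0;

    for (size_t i = 0; i < ncodes; i++) {
        int code = codes[i], incode;
        uint8_t *sp = stack;

        if (code == LZW_CLEAR) {     /* table reset */
            free_ent = LZW_FIRST;
            oldcode = -1;
            continue;
        }
        /* Guard 1: the only code not yet in the table that a valid stream
         * may contain is free_ent itself (KwKwK). Anything beyond it would
         * make the prefix walk below read stale or uninitialised entries. */
        if (code >= LZW_MAXCODES || code > free_ent)
            return LZW_E_BADCODE;

        if (oldcode < 0) {           /* first code must be a literal byte */
            if (code >= LZW_FIRST)
                return LZW_E_BADCODE;
            finchar = oldcode = code;
            if (outlen >= outcap)
                return LZW_E_OUTPUT;
            out[outlen++] = (uint8_t)finchar;
            continue;
        }

        incode = code;
        if (code == free_ent) {      /* KwKwK: oldcode's string + its first byte */
            *sp++ = (uint8_t)finchar;
            code = oldcode;
        }
        /* Walk the prefix chain, collecting bytes last-to-first. */
        while (code >= LZW_FIRST) {
            if (sp == stack + LZW_MAXCODES)   /* guard 2: bound the stack */
                return LZW_E_STACK;
            *sp++ = suffix[code];
            code = prefix[code];
        }
        finchar = code;
        if (sp == stack + LZW_MAXCODES)
            return LZW_E_STACK;
        *sp++ = (uint8_t)finchar;

        while (sp > stack) {         /* drain in forward order, bounded by outcap */
            if (outlen >= outcap)
                return LZW_E_OUTPUT;
            out[outlen++] = *--sp;
        }
        if (free_ent < LZW_MAXCODES) {   /* new entry: oldcode's string + finchar */
            prefix[free_ent] = (uint16_t)oldcode;
            suffix[free_ent] = (uint8_t)finchar;
            free_ent++;
        }
        oldcode = incode;
    }
    return (long)outlen;
}

/* Constructed stream for "ABABABA"; returns 1 when it decodes correctly. */
int demo_valid_stream(void)
{
    static const uint16_t codes[] = {65, 66, 257, 259};
    uint8_t out[32];
    long n = lzw_decode(codes, 4, out, sizeof out);
    return n == 7 && memcmp(out, "ABABABA", 7) == 0;
}

/* Constructed stream whose last code is far past the table; returns the verdict. */
long demo_invalid_stream(void)
{
    static const uint16_t codes[] = {65, 66, 300};
    uint8_t out[32];
    return lzw_decode(codes, 3, out, sizeof out);
}

/* Same valid stream into a buffer that is too small; the decoder must stop. */
long demo_short_output(void)
{
    static const uint16_t codes[] = {65, 66, 257, 259};
    uint8_t out[4];
    return lzw_decode(codes, 4, out, sizeof out);
}

int main(void)
{
    printf("valid stream decodes: %s\n", demo_valid_stream() ? "yes" : "no");
    printf("invalid code verdict: %ld\n", demo_invalid_stream());
    printf("short output verdict: %ld\n", demo_short_output());
    return 0;
}
```

With guard 1 in place every stored prefix is a smaller code than the entry that references it, so the chain walk is strictly decreasing and guard 2 can never fire on input that passed guard 1; it is kept as defence in depth, which is also why checking the stack on every pushed byte costs more than checking the code once per symbol.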

Comment 1 Dmitry Butskoy 2011-08-17 12:41:29 UTC
The first NetBSD fix looks preferable to me because it looks simpler. Since unlzw functionality is not a key feature of Heirloom mailx, and it is performed on trusted input only, I think such a simple patch should be good.

Are updates for the current branches needed, or is rawhide only enough?

Comment 2 Dmitry Butskoy 2011-08-17 12:42:17 UTC
Created attachment 518669 [details]
The patch I am going to apply

Comment 3 Dmitry Butskoy 2011-08-17 13:11:42 UTC
Created attachment 518677 [details]
The actual patch applied

Rebuild in rawhide.

Reopen this bug if I need to rebuild for f14/f15/f16 as well.

Comment 4 Tomas Hoger 2011-08-17 13:39:42 UTC
(In reply to comment #1)
> The first NetBSD fix looks more preferred for me because it looks more simple.
> Since unlzw functionality is not a key feature of Heirloom mailx, and it is
> performed on the trust input only, I think such a simple patch should be good.

The simpler patch has a higher performance impact, for both valid and corrupted LZW streams.

> Whether updates for the current branches are needed, or rawhide only is enough?

Rawhide-only should be ok, ty!