authorThomas Deutschmann <whissi@gentoo.org>2019-12-23 22:34:38 +0100
committerThomas Deutschmann <whissi@gentoo.org>2019-12-23 22:34:54 +0100
commitec41e92e4aec19aa605f5d410ba06cc86e7b48f0 (patch)
tree3036c550890adb3d3915cf0415a8fb3b8a7fb7af /dev-libs/cyrus-sasl/files
parentgnome-extra/evolution-data-server: remove old (diff)
dev-libs/cyrus-sasl: fix CVE-2019-19906
Bug: https://bugs.gentoo.org/703628 Package-Manager: Portage-2.3.82, Repoman-2.3.20 Signed-off-by: Thomas Deutschmann <whissi@gentoo.org>
Diffstat (limited to 'dev-libs/cyrus-sasl/files')
-rw-r--r--dev-libs/cyrus-sasl/files/cyrus-sasl-2.1.27-CVE-2019-19906.patch20
1 files changed, 20 insertions, 0 deletions
diff --git a/dev-libs/cyrus-sasl/files/cyrus-sasl-2.1.27-CVE-2019-19906.patch b/dev-libs/cyrus-sasl/files/cyrus-sasl-2.1.27-CVE-2019-19906.patch
new file mode 100644
index 000000000000..82b9e1fb6dbe
--- /dev/null
+++ b/dev-libs/cyrus-sasl/files/cyrus-sasl-2.1.27-CVE-2019-19906.patch
@@ -0,0 +1,20 @@
+Description: CVE-2019-19906: Off-by-one in _sasl_add_string function
+Origin: vendor
+Bug: https://github.com/cyrusimap/cyrus-sasl/issues/587
+Bug-Debian: https://bugs.debian.org/947043
+Bug-Debian-Security: https://security-tracker.debian.org/tracker/CVE-2019-19906
+Author: Stephan Zeisberg <stephan@srlabs.de>
+Reviewed-by: Salvatore Bonaccorso <carnil@debian.org>
+Last-Update: 2019-12-19
+
+--- a/lib/common.c
++++ b/lib/common.c
+@@ -190,7 +190,7 @@ int _sasl_add_string(char **out, size_t
+
+ if (add==NULL) add = "(null)";
+
+- addlen=strlen(add); /* only compute once */
++ addlen=strlen(add)+1; /* only compute once */
+ if (_buf_alloc(out, alloclen, (*outlen)+addlen)!=SASL_OK)
+ return SASL_NOMEM;
+
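Review bot: Folding the `+1` into `addlen` on the `addlen=strlen(add)+1;` line enlarges the size passed to `_buf_alloc`, but it also changes every later use of `addlen`, and the rest of `_sasl_add_string` lies outside this hunk. If the function goes on to advance `*outlen` by `addlen` (not visible here, so worth confirming against the full source), the terminator would be counted in the output length and the next append would start after a NUL, cutting the assembled string short for any consumer that treats it as a C string. Keeping `addlen=strlen(add);` and reserving the terminator only in the allocation, `if (_buf_alloc(out, alloclen, (*outlen)+addlen+1)!=SASL_OK)`, closes the off-by-one without altering the length semantics. A short comment there such as `/* +1 for the terminating NUL */` would record why the extra byte is requested.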