fix CAN-2004-0884.

Obtained from:	security/cyrus-sasl2

2 files changed, 20 insertions, 1 deletions

diff --git a/security/cyrus-sasl/Makefile b/security/cyrus-sasl/Makefile
index 64512159ed79..75ff8229a9ea 100644
--- a/security/cyrus-sasl/Makefile
+++ b/security/cyrus-sasl/Makefile
@@ -7,7 +7,7 @@
 
 PORTNAME=	cyrus-sasl
 PORTVERSION=	1.5.28
-PORTREVISION=	3
+PORTREVISION=	4
 CATEGORIES=	security ipv6
 
 MAINTAINER=	ports@FreeBSD.org
diff --git a/security/cyrus-sasl/files/patch-lib::common.c b/security/cyrus-sasl/files/patch-lib::common.c
new file mode 100644
index 000000000000..8de08cfc3b26
--- /dev/null
+++ b/security/cyrus-sasl/files/patch-lib::common.c
@@ -0,0 +1,19 @@
+Index: lib/common.c
+diff -u lib/common.c.orig lib/common.c
+--- lib/common.c.orig	Mon Nov 15 18:23:04 2004
++++ lib/common.c	Mon Nov 15 18:24:43 2004
+@@ -684,7 +684,13 @@
+ 
+   if (! path_dest)
+     return SASL_BADPARAM;
+-  path = getenv(SASL_PATH_ENV_VAR);
++
++  path = NULL;
++
++  /* Honor external variable only in a safe environment */
++  if (getuid() == geteuid() && getgid() == getegid())
++    path = getenv(SASL_PATH_ENV_VAR);
++
+   if (! path)
+     path = PLUGINDIR;
+   return _sasl_strdup(path, path_dest, NULL);