32 lines
866 B
Diff
32 lines
866 B
Diff
This patch solves the issue raised by CVE-2014-9116.
|
|
|
|
We correctly redefine what are the whitespace characters as per RFC5322; by
|
|
doing so we prevent mutt_substrdup from being used in a way that could lead to
|
|
a segfault.
|
|
|
|
The lib.c part was written by Antonio Radici <antonio@debian.org> to prevent
|
|
crashes due to this kind of bugs from happening again.
|
|
|
|
--- lib.c.orig
|
|
+++ lib.c
|
|
@@ -815,6 +815,9 @@ char *mutt_substrdup (const char *begin,
|
|
size_t len;
|
|
char *p;
|
|
|
|
+ if (end != NULL && end < begin)
|
|
+ return NULL;
|
|
+
|
|
if (end)
|
|
len = end - begin;
|
|
else
|
|
--- lib.h.orig
|
|
+++ lib.h
|
|
@@ -98,7 +98,7 @@
|
|
on some systems */
|
|
# define SKIPWS(c) while (*(c) && isspace ((unsigned char) *(c))) c++;
|
|
|
|
-#define EMAIL_WSP " \t\r\n"
|
|
+#define EMAIL_WSP " \t\r"
|
|
|
|
/* skip over WSP as defined by RFC5322. This is used primarily for parsing
|
|
* header fields. */
|