You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.

31 lines
830 B

  1. From: Antonio Radici <antonio@debian.org>
  2. Date: Fri, 18 Sep 2015 11:48:47 +0200
  3. Subject: 771125-CVE-2014-9116-jessie
  4. This patch solves the issue raised by CVE-2014-9116 in bug 771125.
  5. We correctly redefine what are the whitespace characters as per RFC5322; by
  6. doing so we prevent mutt_substrdup from being used in a way that could lead to
  7. a segfault.
  8. The lib.c part was written by Antonio Radici <antonio@debian.org> to prevent
  9. crashes due to this kind of bugs from happening again.
  10. Signed-off-by: Matteo F. Vescovi <mfv@debian.org>
  11. ---
  12. lib.c | 3 +++
  13. 1 file changed, 3 insertions(+)
  14. diff -rupN a/lib.c b/lib.c
  15. --- a/lib.c
  16. +++ b/lib.c
  17. @@ -815,6 +815,9 @@ char *mutt_substrdup (const char *begin,
  18. size_t len;
  19. char *p;
  20. + if (end != NULL && end < begin)
  21. + return NULL;
  22. +
  23. if (end)
  24. len = end - begin;
  25. else