|
@ -0,0 +1,31 @@ |
|
|
|
|
|
From: Antonio Radici <antonio@debian.org> |
|
|
|
|
|
Date: Fri, 18 Sep 2015 11:48:47 +0200 |
|
|
|
|
|
Subject: 771125-CVE-2014-9116-jessie |
|
|
|
|
|
|
|
|
|
|
|
This patch solves the issue raised by CVE-2014-9116 in bug 771125. |
|
|
|
|
|
|
|
|
|
|
|
We correctly redefine what are the whitespace characters as per RFC5322; by |
|
|
|
|
|
doing so we prevent mutt_substrdup from being used in a way that could lead to |
|
|
|
|
|
a segfault. |
|
|
|
|
|
|
|
|
|
|
|
The lib.c part was written by Antonio Radici <antonio@debian.org> to prevent |
|
|
|
|
|
crashes due to this kind of bugs from happening again. |
|
|
|
|
|
|
|
|
|
|
|
Signed-off-by: Matteo F. Vescovi <mfv@debian.org> |
|
|
|
|
|
---
|
|
|
|
|
|
lib.c | 3 +++ |
|
|
|
|
|
1 file changed, 3 insertions(+) |
|
|
|
|
|
|
|
|
|
|
|
diff -rupN a/lib.c b/lib.c
|
|
|
|
|
|
--- a/lib.c
|
|
|
|
|
|
+++ b/lib.c
|
|
|
|
|
|
@@ -815,6 +815,9 @@ char *mutt_substrdup (const char *begin,
|
|
|
|
|
|
size_t len; |
|
|
|
|
|
char *p; |
|
|
|
|
|
|
|
|
|
|
|
+ if (end != NULL && end < begin)
|
|
|
|
|
|
+ return NULL;
|
|
|
|
|
|
+
|
|
|
|
|
|
if (end) |
|
|
|
|
|
len = end - begin; |
|
|
|
|
|
else |