From: Antonio Radici <antonio@debian.org>
Date: Fri, 18 Sep 2015 11:48:47 +0200
Subject: 771125-CVE-2014-9116-jessie

This patch solves the issue raised by CVE-2014-9116 in bug 771125.

We correctly redefine what are the whitespace characters as per RFC5322; by
doing so we prevent mutt_substrdup from being used in a way that could lead to
a segfault.

The lib.c part was written by Antonio Radici <antonio@debian.org> to prevent
crashes due to this kind of bugs from happening again.

Signed-off-by: Matteo F. Vescovi <mfv@debian.org>
---
 lib.c | 3 +++
 1 file changed, 3 insertions(+)

diff -rupN a/lib.c b/lib.c
--- a/lib.c
+++ b/lib.c
@@ -815,6 +815,9 @@ char *mutt_substrdup (const char *begin,
   size_t len;
   char *p;
 
+  if (end != NULL && end < begin)
+    return NULL;
+
   if (end)
     len = end - begin;
   else