Sophie

mutt-1.5.23-1.mga5.src.rpm

This patch solves the issue raised by CVE-2014-9116 in bug 771125.

We correctly redefine what are the whitespace characters as per RFC5322; by
doing so we prevent mutt_substrdup from being used in a way that could lead to
a segfault.

The lib.c part was written by Antonio Radici <antonio@debian.org> to prevent
crashes due to this kind of bug from happening again.

The wheezy version of this patch is slightly different, therefore this patch
has -jessie prefixed in its name.

Index: mutt/lib.c
===================================================================
--- mutt.orig/lib.c
+++ mutt/lib.c
@@ -815,6 +815,9 @@ char *mutt_substrdup (const char *begin,
   size_t len;
   char *p;
 
+  if (end != NULL && end < begin)
+    return NULL;
+
   if (end)
     len = end - begin;
   else
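
Review bot: The early return added at the top of mutt_substrdup makes NULL a possible result when end < begin, and nothing in the hunk documents that. Add a comment above the check stating that an inverted range yields NULL, so callers know to test the result before using it. The guard also covers only end: `len = end - begin` is still reached with whatever begin was passed, so if a NULL begin is possible it deserves the same treatment.
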
Index: mutt/lib.h
===================================================================
--- mutt.orig/lib.h
+++ mutt/lib.h
@@ -98,7 +98,7 @@
    on some systems */
 # define SKIPWS(c) while (*(c) && isspace ((unsigned char) *(c))) c++;
 
-#define EMAIL_WSP " \t\r\n"
+#define EMAIL_WSP " \t\r"
 
 /* skip over WSP as defined by RFC5322.  This is used primarily for parsing
  * header fields. */
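
Review bot: The new EMAIL_WSP value still contains "\r", while the comment directly below says the macro skips WSP as defined by RFC5322, which defines WSP as space and horizontal tab only. Either drop "\r" as well, or extend the comment to say why "\r" is kept and "\n" is not. This one-line edit changes behaviour for every user of the macro, so the reason should be recorded next to the definition.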