12345678910111213141516171819202122232425262728293031 |
- From: Antonio Radici <antonio@debian.org>
- Date: Fri, 18 Sep 2015 11:48:47 +0200
- Subject: 771125-CVE-2014-9116-jessie
- This patch solves the issue raised by CVE-2014-9116 in bug 771125.
- We correctly redefine what are the whitespace characters as per RFC5322; by
- doing so we prevent mutt_substrdup from being used in a way that could lead to
- a segfault.
- The lib.c part was written by Antonio Radici <antonio@debian.org> to prevent
- crashes due to this kind of bugs from happening again.
- Signed-off-by: Matteo F. Vescovi <mfv@debian.org>
- ---
- lib.c | 3 +++
- 1 file changed, 3 insertions(+)
- diff -rupN a/lib.c b/lib.c
- --- a/lib.c
- +++ b/lib.c
- @@ -815,6 +815,9 @@ char *mutt_substrdup (const char *begin,
- size_t len;
- char *p;
-
- + if (end != NULL && end < begin)
- + return NULL;
- +
- if (end)
- len = end - begin;
- else
|