#2802: Mutt *very* slow reading mails with long header lines
------------------------------------+----------------------
Reporter: Christoph Berg <cb@…> | Owner: mutt-dev
Type: defect | Status: closed
Priority: minor | Milestone:
Component: mutt | Version:
Resolution: fixed | Keywords:
------------------------------------+----------------------
Comment (by tamo):
What's done cannot be undone, but this ticket looks like the cause of CVE-2014-0467, FYI.
We should be more careful next time applying a patch to modify /*CHECKED*/ lines (for example, by removing the /*CHECKED*/ comments to re-check them before releasing the next version?)
And/or we should use less strcat() especially when strlen() is not just above.
I mean, it was not good to update len every time the length is _changed_.
{{{
{
if (!address_header_decode (&this_one))
rfc2047_decode (&this_one);
+ this_one_len = mutt_strlen (this_one);
}
...
- safe_realloc (&headers[x], mutt_strlen (headers[x]) +
- mutt_strlen (this_one) + sizeof (char));
- strcat (headers[x], this_one); /* __STRCAT_CHECKED__ */
+ int hlen = mutt_strlen (headers[x]);
+
+ safe_realloc (&headers[x], hlen + this_one_len + sizeof (char));
+ strcat (headers[x] + hlen, this_one); /* __STRCAT_CHECKED__ */
}}}
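Review bot: this_one_len is assigned only in the decode block at the top of this hunk, but the safe_realloc at the bottom trusts it for the size while strcat copies however many bytes this_one holds at that moment. Any path in the elided code that sets or changes this_one without refreshing this_one_len leaves the allocation short, and the strcat then writes past it. Measure the string where the size is computed, i.e. hlen + mutt_strlen (this_one) + sizeof (char), so the allocation and the copy cannot disagree. The /* __STRCAT_CHECKED__ */ marker is also carried over unchanged although the size calculation it vouches for is new; drop it until the line has been re-audited.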
It would have been better to update every time the len is _used_
{{{
- safe_realloc (&headers[x], mutt_strlen (headers[x]) +
- mutt_strlen (this_one) + sizeof (char));
- strcat (headers[x], this_one); /* __STRCAT_CHECKED__ */
+ int hlen = mutt_strlen (headers[x]);
+
+ safe_realloc (&headers[x], hlen + mutt_strlen (this_one) + sizeof
(char));
+ strcat (headers[x] + hlen, this_one); /* __STRCAT_CHECKED__ */
}}}
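Review bot: hlen in the added lines is declared int, yet it holds a string length that is added into the safe_realloc size and used as an offset into headers[x]; size_t would be the safer type for the very long header lines this ticket is about. Since both lengths are known at this point, the strcat could also become a memcpy of mutt_strlen (this_one) + 1 bytes into headers[x] + hlen, which avoids scanning this_one a second time and removes the need for the /* __STRCAT_CHECKED__ */ marker.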
because this_one_len is used with strcat() at _only one_ line.
--
Ticket URL: <http://dev.mutt.org/trac/ticket/2802#comment:4>
Mutt <http://www.mutt.org/>
The Mutt mail user agent
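
The "measure where the length is used" rule from the comment above, as an added example that is not Mutt code and not part of the ticket. The helper name append_at_use and the sample header strings are hypothetical; it uses plain realloc/strlen instead of Mutt's safe_realloc/mutt_strlen.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical helper (not Mutt code): append src to the heap string *dst.
 * Both lengths are measured here, immediately before they size the
 * allocation, so a length cached earlier by the caller can never make the
 * buffer too small for the copy.
 * Returns the new string length, or (size_t)-1 on size overflow or
 * allocation failure (in which case *dst is left untouched). */
size_t append_at_use(char **dst, const char *src)
{
    size_t dlen = *dst ? strlen(*dst) : 0;
    size_t slen = src ? strlen(src) : 0;
    char *p;

    if (slen > (size_t)-1 - dlen - 1)      /* dlen + slen + 1 would wrap */
        return (size_t)-1;
    p = realloc(*dst, dlen + slen + 1);
    if (!p)
        return (size_t)-1;
    if (slen)
        memcpy(p + dlen, src, slen);       /* copy exactly what was sized */
    p[dlen + slen] = '\0';
    *dst = p;
    return dlen + slen;
}

int main(void)
{
    char *headers = NULL;
    char this_one[64] = "To: a@example.org";   /* constructed sample data */
    size_t cached = strlen(this_one);          /* length taken early ...   */

    strcat(this_one, ", b@example.org");       /* ... then the value grows */
    /* Sizing a buffer from `cached` here would be 15 bytes short.
     * append_at_use ignores any cached value and re-measures. */
    append_at_use(&headers, this_one);
    printf("cached=%zu actual=%zu\n", cached, strlen(headers));
    free(headers);
    return 0;
}
```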