#3716: mutt: write_one_header can call mutt_substrdup with begin > end, leading to crash
---------------------+----------------------
Reporter: thoger | Owner: mutt-dev
Type: defect | Status: new
Priority: major | Milestone:
Component: mutt | Version: 1.5.23
Resolution: | Keywords:
---------------------+----------------------
Comment (by antonio@…):
The way I'm going to address this in the Debian version of 1.5.23 is the
following:
(1) add "if (end != NULL && end < begin) return NULL" to the
safe_substrdup function; this prevents this kind of error from crashing
mutt
(2) modify SKIP_WSP to be "\r\t" rather than "\r\t\n" (the RFC does not
talk about newlines as whitespace characters); that prevents the above
function from being called in a way where end < begin in the first place.
In wheezy we patched this in a similar way, by adding (1) and by removing
SKIP_WSP(t), see the discussion in
https://bugzilla.redhat.com/show_bug.cgi?id=1168463
--
Ticket URL: <http://dev.mutt.org/trac/ticket/3716#comment:1>
Mutt <http://www.mutt.org/>
The Mutt mail user agent
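
Added example, not part of the ticket and not mutt's or Debian's code: a minimal C model of the two changes the comment describes, showing how a skip set that contains "\n" moves the value pointer past the end of the header line, and how check (1) turns that inverted range into a NULL return. The names guarded_substrdup, skip_set and value_len and the sample header are assumptions made for illustration.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
/* Hypothetical stand-in for the substring helper; not mutt's source. */
static char *guarded_substrdup(const char *begin, const char *end)
{
    size_t len;
    char *p;
    if (begin == NULL || (end != NULL && end < begin))
        return NULL;                  /* check (1): refuse an inverted range */
    len = end ? (size_t)(end - begin) : strlen(begin);
    if ((p = malloc(len + 1)) == NULL)
        return NULL;
    memcpy(p, begin, len);
    p[len] = '\0';
    return p;
}

/* Advance t past every character listed in set (models the skip macro). */
static const char *skip_set(const char *t, const char *set)
{
    while (*t && strchr(set, *t))
        t++;
    return t;
}

/* Value length of first header; -1 = guard rejected range, -2 = bad form. */
static long value_len(const char *buf, const char *set)
{
    const char *end = strchr(buf, '\n');  /* end of the first header line */
    const char *t = strchr(buf, ':');
    char *val;
    long n;
    if (!t || !end || t > end)
        return -2;
    t = skip_set(t + 1, set);             /* can step past end if set has \n */
    if ((val = guarded_substrdup(t, end)) == NULL)
        return -1;
    n = (long)strlen(val);
    free(val);
    return n;
}

int main(void)
{
    const char *hdr = "X-Test:\nNext: v\n";  /* constructed sample input */
    printf("%ld %ld\n", value_len(hdr, "\r\t\n"), value_len(hdr, "\r\t"));
    return 0;
}
```

With the "\r\t\n" set the guard is what prevents a negative length from reaching the copy; with the "\r\t" set the pointer stops at the newline and the value is simply empty.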