mutt-1.5.11-security_fix-1.patch

Ag. Hatzimanikas Wed, 09 Aug 2006 05:58:55 -0700

Submitted By: Ag. Hatzimanikas
Date: 2006-08-09
Initial Package Version: 1.5.11
Origin: From Upstream
Upstream Status: Applied
Description: Fixes a buffer overflow.
                http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3242


diff -Naur mutt-1.5.11.orig/imap/browse.c mutt-1.5.11/imap/browse.c
--- mutt-1.5.11.orig/imap/browse.c      2005-08-11 22:37:02.000000000 +0300
+++ mutt-1.5.11/imap/browse.c   2006-07-18 23:23:01.000000000 +0300
@@ -512,7 +512,7 @@
            if (*s == '\"')
            {
              s++;
-             while (*s && *s != '\"') 
+             while (*s && *s != '\"' && n < sizeof (ns) - 1) 
              {
                if (*s == '\\')
                  s++;
@@ -523,12 +523,14 @@
                s++;
            }
            else
-             while (*s && !ISSPACE (*s)) 
+             while (*s && !ISSPACE (*s) && n < sizeof (ns) - 1)
              {
                ns[n++] = *s;
                s++;
              }
            ns[n] = '\0';
+           if (n == sizeof (ns) - 1)
+             dprint (1, (debugfile, "browse_get_namespace: too long: [%s]\n", 
ns));
            /* delim? */
            s = imap_next_word (s);
            /* delimiter is meaningless if namespace is "". Why does

-- 
http://linuxfromscratch.org/mailman/listinfo/patches
FAQ: http://www.linuxfromscratch.org/faq/
Unsubscribe: See the above information page

mutt-1.5.11-security_fix-1.patch

Reply via email to