Fix IMAP buffer overflow:

  http://www.securityfocus.com/bid/18642

PR:		ports/99614 [1], ports/99610 [2]
Submitted by:	Udo Schweigert <udo.schweigert@siemens.com> (maintainer) [1],
		J.P. Dinger <jpd@vvtp.tudelft.nl> [2]
Approved by:	ahze (mentor)

1 files changed, 28 insertions, 0 deletions

diff --git a/mail/mutt14/files/patch-imap-browse.c b/mail/mutt14/files/patch-imap-browse.c
new file mode 100644
index 000000000000..86cda3140e69
--- /dev/null
+++ b/mail/mutt14/files/patch-imap-browse.c
@@ -0,0 +1,28 @@
+--- imap/browse.c.orig
++++ imap/browse.c
+@@ -505,7 +505,7 @@ static int browse_get_namespace (IMAP_DA
+ 	    if (*s == '\"')
+ 	    {
+ 	      s++;
+-	      while (*s && *s != '\"') 
++	      while (*s && *s != '\"' && n < sizeof (ns) - 1) 
+ 	      {
+ 		if (*s == '\\')
+ 		  s++;
+@@ -516,12 +516,14 @@ static int browse_get_namespace (IMAP_DA
+ 		s++;
+ 	    }
+ 	    else
+-	      while (*s && !ISSPACE (*s)) 
++	      while (*s && !ISSPACE (*s) && n < sizeof (ns) - 1)
+ 	      {
+ 		ns[n++] = *s;
+ 		s++;
+ 	      }
+ 	    ns[n] = '\0';
++	    if (n == sizeof (ns) - 1)
++	      dprint (1, (debugfile, "browse_get_namespace: too long: [%s]\n", ns));
+ 	    /* delim? */
+ 	    s = imap_next_word (s);
+ 	    /* delimiter is meaningless if namespace is "". Why does
+