diff options
author | shaun <shaun@FreeBSD.org> | 2006-06-30 22:38:26 +0800 |
---|---|---|
committer | shaun <shaun@FreeBSD.org> | 2006-06-30 22:38:26 +0800 |
commit | c0ad83dda68e6b69404ee81f0d3096fc3c975317 (patch) | |
tree | 2a76c146e68b4725dba0f3af23569ff9f5ddf79f /mail/mutt | |
parent | 4f24aea82c3c9cde3bde3ec262d1826b2b2a5c6d (diff) | |
download | freebsd-ports-gnome-c0ad83dda68e6b69404ee81f0d3096fc3c975317.tar.gz freebsd-ports-gnome-c0ad83dda68e6b69404ee81f0d3096fc3c975317.tar.zst freebsd-ports-gnome-c0ad83dda68e6b69404ee81f0d3096fc3c975317.zip |
Fix IMAP buffer overflow:
http://www.securityfocus.com/bid/18642
PR: ports/99614 [1], ports/99610 [2]
Submitted by: Udo Schweigert <udo.schweigert@siemens.com> (maintainer) [1],
J.P. Dinger <jpd@vvtp.tudelft.nl> [2]
Approved by: ahze (mentor)
Diffstat (limited to 'mail/mutt')
-rw-r--r-- | mail/mutt/Makefile | 2 | ||||
-rw-r--r-- | mail/mutt/files/patch-imap-browse.c | 28 |
2 files changed, 29 insertions, 1 deletions
diff --git a/mail/mutt/Makefile b/mail/mutt/Makefile index 0aacb1f50588..51fb7ee32d85 100644 --- a/mail/mutt/Makefile +++ b/mail/mutt/Makefile @@ -8,7 +8,7 @@ PORTNAME= mutt PORTVERSION= 1.4.2.1 -PORTREVISION= 2 +PORTREVISION= 3 CATEGORIES+= mail ipv6 MASTER_SITES= ftp://ftp.mutt.org/mutt/ \ ftp://ftp.fu-berlin.de/pub/unix/mail/mutt/ \ diff --git a/mail/mutt/files/patch-imap-browse.c b/mail/mutt/files/patch-imap-browse.c new file mode 100644 index 000000000000..86cda3140e69 --- /dev/null +++ b/mail/mutt/files/patch-imap-browse.c @@ -0,0 +1,28 @@ +--- imap/browse.c.orig ++++ imap/browse.c +@@ -505,7 +505,7 @@ static int browse_get_namespace (IMAP_DA + if (*s == '\"') + { + s++; +- while (*s && *s != '\"') ++ while (*s && *s != '\"' && n < sizeof (ns) - 1) + { + if (*s == '\\') + s++; +@@ -516,12 +516,14 @@ static int browse_get_namespace (IMAP_DA + s++; + } + else +- while (*s && !ISSPACE (*s)) ++ while (*s && !ISSPACE (*s) && n < sizeof (ns) - 1) + { + ns[n++] = *s; + s++; + } + ns[n] = '\0'; ++ if (n == sizeof (ns) - 1) ++ dprint (1, (debugfile, "browse_get_namespace: too long: [%s]\n", ns)); + /* delim? */ + s = imap_next_word (s); + /* delimiter is meaningless if namespace is "". Why does + |