[mutt] 17/17: 771125-CVE-2014-9116-jessie

[Antonio Radici]

This is an automated email from the git hooks/post-receive script.

antonio pushed a commit to branch patch-queue/master
in repository mutt.

commit 6957bd3acbc2eef955cd8404bb7af5bf1eca1779
Author: Antonio Radici <antonio at debian.org>
Date:   Fri Sep 18 11:48:47 2015 +0200

    771125-CVE-2014-9116-jessie
    
    This patch solves the issue raised by CVE-2014-9116 in bug 771125.
    
    We correctly redefine what are the whitespace characters as per RFC5322; by
    doing so we prevent mutt_substrdup from being used in a way that could lead to
    a segfault.
    
    The lib.c part was written by Antonio Radici <antonio at debian.org> to prevent
    crashes due to this kind of bugs from happening again.
    
    The wheezy version of this patch is slightly different, therefore this patch
    has -jessie prefixed in its name.
    
    The sendlib.c part was provided by Salvatore Bonaccorso and it is the same as
    the upstream patch reported here:
    http://dev.mutt.org/trac/attachment/ticket/3716/ticket-3716-stable.patch
    
    Signed-off-by: Matteo F. Vescovi <mfv at debian.org>
    
    Gbp-Pq: Topic upstream
    Gbp-Pq: Name 771125-CVE-2014-9116-jessie.patch
---
 lib.c | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/lib.c b/lib.c
index 5f7c38f..f6bab1a 100644
--- a/lib.c
+++ b/lib.c
@@ -819,6 +819,9 @@ char *mutt_substrdup (const char *begin, const char *end)
   size_t len;
   char *p;
 
+  if (end != NULL && end < begin)
+    return NULL;
+
   if (end)
     len = end - begin;
   else

-- 
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/pkg-mutt/mutt.git