[mutt] 02/02: upstream/827189-opportunistic-encryption-crash.patch: do not crash when doing opportunistic encryption with long addresses (Closes: 827189).

Antonio Radici antonio at moszumanska.debian.org
Tue Sep 13 19:11:46 UTC 2016


This is an automated email from the git hooks/post-receive script.

antonio pushed a commit to branch master
in repository mutt.

commit 07b5c8d428814374f57f158e3c97f10a33e87afd
Author: Antonio Radici <antonio at debian.org>
Date:   Tue Sep 13 16:16:11 2016 +0100

    upstream/827189-opportunistic-encryption-crash.patch: do not crash when doing opportunistic encryption with long addresses (Closes: 827189).
---
 debian/changelog                                   |  2 ++
 debian/patches/series                              |  1 +
 .../827189-opportunistic-encryption-crash.patch    | 26 ++++++++++++++++++++++
 3 files changed, 29 insertions(+)

diff --git a/debian/changelog b/debian/changelog
index acfd24f..5d1bbeb 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -4,6 +4,8 @@ mutt (1.7.0-5) UNRELEASED; urgency=medium
     + neomutt-devel/837601-do-not-segfault-on-new-mails.patch: updated to
       prevent crash when exiting from the pager while viewing a composed email
       (Closes: 837634).
+    + upstream/827189-opportunistic-encryption-crash.patch: do not crash when
+      doing opportunistic encryption with long addresses (Closes: 827189).
 
  -- Antonio Radici <antonio at debian.org>  Tue, 13 Sep 2016 14:57:35 +0100
 
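Review bot: The new changelog entry describes the trigger as "long addresses", while the header of the patch added in this same commit says the crash is a buffer overflow "when a mail contains a '+' in its address". The two descriptions should agree. Suggest rewording the entry to name the '+' case (for example "do not crash when doing opportunistic encryption with addresses containing '+'"), so that someone reading only the changelog can tell which input triggers bug 827189.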
diff --git a/debian/patches/series b/debian/patches/series
index 2809d50..d22a506 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -27,4 +27,5 @@ upstream/833192-preserve-messageid-for-postponed-emails.patch
 upstream/644992-ipv6-literal.patch
 upstream/549204-clear-N-on-readonly-imap-folders.patch
 upstream/837372-do-not-color-gpgme-output.patch
+upstream/827189-opportunistic-encryption-crash.patch
 upstream/openssl-1.1-build.patch
diff --git a/debian/patches/upstream/827189-opportunistic-encryption-crash.patch b/debian/patches/upstream/827189-opportunistic-encryption-crash.patch
new file mode 100644
index 0000000..e19c9fb
--- /dev/null
+++ b/debian/patches/upstream/827189-opportunistic-encryption-crash.patch
@@ -0,0 +1,26 @@
+The following patch prevents a crash due to a buffer overflow when a mail
+contains a '+' in its address and opportunistic encryption is used.
+
+Debian bug: http://bugs.debian.org/827189
+Upstream issue: http://bugs.mutt.org/3873
+ 
+--- a/crypt-gpgme.c
++++ b/crypt-gpgme.c
+@@ -3708,7 +3708,7 @@
+     {
+       for(s = l->data; *s; s++)
+         {
+-          if (*s == '%')
++          if (*s == '%' || *s == '+')
+             n += 2;
+           n++;
+         }
+@@ -3716,6 +3716,8 @@
+     }
+   n++; /* make sure to allocate at least one byte */
+   pattern = p = safe_calloc (1,n);
++  if (!pattern)
++    return NULL;
+   for(l=list; l; l = l->next)
+     {
+       s = l->data;
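Review bot: The size count changed at `if (*s == '%' || *s == '+')` is only correct if it mirrors the escaping done by the copy loop that begins at `for(l=list; l; l = l->next)`, and that loop's body is outside the context shown, so the match cannot be confirmed from this patch alone. Please check that every character the copy loop expands to three bytes is also counted as three here (`n += 2; n++;`). Ideally both loops would use one shared predicate so the two lists of escaped characters cannot drift apart again. Separately, the added `if (!pattern) return NULL;` follows `n++; /* make sure to allocate at least one byte */`, so a zero-size request cannot be what produces a NULL here. The patch header should say under which condition `safe_calloc` returns NULL at this point and whether the callers cope with a NULL pattern, since the description only mentions the '+' miscount.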

-- 
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/pkg-mutt/mutt.git


