diff options
author | ghen <ghen> | 2006-06-20 11:00:56 +0000 |
---|---|---|
committer | ghen <ghen> | 2006-06-20 11:00:56 +0000 |
commit | ed5dcdcc2aa8cc18ef54b6a6ce2901bb8da4cb91 (patch) | |
tree | d34992baab4aa39a913ade2f6c9b8f3718d7f0d5 /mail/mutt/patches/patch-ae | |
parent | cdfd6922279ef3bff82087eef4a75f3f89d1fb85 (diff) | |
download | pkgsrc-ed5dcdcc2aa8cc18ef54b6a6ce2901bb8da4cb91.tar.gz |
Pullup ticket 1705 - requested by tron
security fix for mutt
Revisions pulled up:
- pkgsrc/mail/mutt/Makefile via patch
- pkgsrc/mail/mutt/distinfo 1.30
- pkgsrc/mail/mutt/patches/patch-ae 1.4
Module Name: pkgsrc
Committed By: tron
Date: Tue Jun 20 09:14:47 UTC 2006
Modified Files:
pkgsrc/mail/mutt: Makefile PLIST distinfo
Added Files:
pkgsrc/mail/mutt/patches: patch-ae
Log Message:
Add fix from the "mutt" CVS repository for a buffer overflow in the
IMAP code which could be exploited by a malicious IMAP server.
Bump package revision.
Diffstat (limited to 'mail/mutt/patches/patch-ae')
-rw-r--r-- | mail/mutt/patches/patch-ae | 29 |
1 files changed, 29 insertions, 0 deletions
diff --git a/mail/mutt/patches/patch-ae b/mail/mutt/patches/patch-ae new file mode 100644 index 00000000000..2e1a11e48c8 --- /dev/null +++ b/mail/mutt/patches/patch-ae @@ -0,0 +1,29 @@ +$NetBSD: patch-ae,v 1.3.14.1 2006/06/20 11:00:57 ghen Exp $ + +--- imap/browse.c.orig 2002-02-26 10:38:56.000000000 +0000 ++++ imap/browse.c 2006-06-20 10:05:32.000000000 +0100 +@@ -452,7 +452,7 @@ + if (*s == '\"') + { + s++; +- while (*s && *s != '\"') ++ while (*s && *s != '\"' && n < sizeof (ns) - 1) + { + if (*s == '\\') + s++; +@@ -463,12 +463,14 @@ + s++; + } + else +- while (*s && !ISSPACE (*s)) ++ while (*s && !ISSPACE (*s) && n < sizeof (ns) - 1) + { + ns[n++] = *s; + s++; + } + ns[n] = '\0'; ++ if (n == sizeof (ns) - 1) ++ dprint (1, (debugfile, "browse_get_namespace: too long: [%s]\n", ns)); + /* delim? */ + s = imap_next_word (s); + /* delimiter is meaningless if namespace is "". Why does |