diff options
| author | Shaun Amott <shaun@FreeBSD.org> | 2006-06-30 14:38:26 +0000 |
|---|---|---|
| committer | Shaun Amott <shaun@FreeBSD.org> | 2006-06-30 14:38:26 +0000 |
| commit | 87619bad1dde783294120b699e7073a598b8a425 (patch) | |
| tree | ee188abc3f564227befe607c5529890812e1a66e /mail/mutt | |
| parent | Update to 1.0.1 (diff) | |
Fix IMAP buffer overflow:
http://www.securityfocus.com/bid/18642
PR: ports/99614 [1], ports/99610 [2]
Submitted by: Udo Schweigert <udo.schweigert@siemens.com> (maintainer) [1],
J.P. Dinger <jpd@vvtp.tudelft.nl> [2]
Approved by: ahze (mentor)
Notes
Notes:
svn path=/head/; revision=166659
Diffstat (limited to 'mail/mutt')
| -rw-r--r-- | mail/mutt/Makefile | 2 | ||||
| -rw-r--r-- | mail/mutt/files/patch-imap-browse.c | 28 |
2 files changed, 29 insertions, 1 deletions
diff --git a/mail/mutt/Makefile b/mail/mutt/Makefile index 0aacb1f50588..51fb7ee32d85 100644 --- a/mail/mutt/Makefile +++ b/mail/mutt/Makefile @@ -8,7 +8,7 @@ PORTNAME= mutt PORTVERSION= 1.4.2.1 -PORTREVISION= 2 +PORTREVISION= 3 CATEGORIES+= mail ipv6 MASTER_SITES= ftp://ftp.mutt.org/mutt/ \ ftp://ftp.fu-berlin.de/pub/unix/mail/mutt/ \ diff --git a/mail/mutt/files/patch-imap-browse.c b/mail/mutt/files/patch-imap-browse.c new file mode 100644 index 000000000000..86cda3140e69 --- /dev/null +++ b/mail/mutt/files/patch-imap-browse.c @@ -0,0 +1,28 @@ +--- imap/browse.c.orig ++++ imap/browse.c +@@ -505,7 +505,7 @@ static int browse_get_namespace (IMAP_DA + if (*s == '\"') + { + s++; +- while (*s && *s != '\"') ++ while (*s && *s != '\"' && n < sizeof (ns) - 1) + { + if (*s == '\\') + s++; +@@ -516,12 +516,14 @@ static int browse_get_namespace (IMAP_DA + s++; + } + else +- while (*s && !ISSPACE (*s)) ++ while (*s && !ISSPACE (*s) && n < sizeof (ns) - 1) + { + ns[n++] = *s; + s++; + } + ns[n] = '\0'; ++ if (n == sizeof (ns) - 1) ++ dprint (1, (debugfile, "browse_get_namespace: too long: [%s]\n", ns)); + /* delim? */ + s = imap_next_word (s); + /* delimiter is meaningless if namespace is "". Why does + |