SUSE:SLE-15-SP2:GA
File CVE-2023-4874-part1.patch of Package mutt
From a4752eb0ae0a521eec02e59e51ae5daedf74fda0 Mon Sep 17 00:00:00 2001 From: Kevin McCarthy <kevin@8t8.us> Date: Sun, 3 Sep 2023 14:11:48 +0800 Subject: [PATCH] Fix write_one_header() illegal header check. This is another crash caused by the rfc2047 decoding bug fixed in the second prior commit. In this case, an empty header line followed by a header line starting with ":", would result in t==end. The mutt_substrdup() further below would go very badly at that point, with t >= end+1. This could result in either a memcpy onto NULL or a huge malloc call. Thanks to Chenyuan Mi (@morningbread) for giving a working example draft message of the rfc2047 decoding flaw. This allowed me, with further testing, to discover this additional crash bug. --- sendlib.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/sendlib.c b/sendlib.c --- a/sendlib.c +++ b/sendlib.c @@ -1832,7 +1832,7 @@ static int write_one_header (FILE *fp, i else { t = strchr (start, ':'); - if (!t || t > end) + if (!t || t >= end) { dprint (1, (debugfile, "mwoh: warning: header not in " "'key: value' format!\n"));
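Review bot: The tightened check `if (!t || t >= end)` in write_one_header() has no comment saying why `t == end` must be rejected, so the reason lives only in the commit message. A one-line comment above the condition, noting that the mutt_substrdup() call further down needs the colon to lie strictly before `end`, would keep a later cleanup from loosening it back to `t > end`. The condition still accepts `t == start` (a line beginning with ":", so an empty key) whenever the colon is before `end`; the hunk does not show the code that follows, so it is worth confirming that path copes with an empty key. The patch touches only sendlib.c and adds no test; the draft message mentioned in the commit message would make a suitable regression case.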