Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
openSUSE:Step:15
mutt.30625
CVE-2023-4875.patch
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File CVE-2023-4875.patch of Package mutt.30625
From 452ee330e094bfc7c9a68555e5152b1826534555 Mon Sep 17 00:00:00 2001 From: Kevin McCarthy <kevin@8t8.us> Date: Sun, 3 Sep 2023 12:22:01 +0800 Subject: [PATCH] Fix rfc2047 base64 decoding to abort on illegal characters. For some reason, the rfc2047 base64 decoder ignored illegal characters, instead of aborting. This seems innocuous, but in fact leads to at least three crash-bugs elsewhere in Mutt. These stem from Mutt, in some cases, passing an entire header field (name, colon, and body) to the rfc2047 decoder. (It is technically incorrect to do so, by the way, but is beyond scope for these fixes in stable). Mutt then assumes the result can't be empty because of a previous check that the header contains at least a colon. This commit takes care of the source of the crashes, by aborting the rfc2047 decode. The following two commits add protective fixes to the specific crash points. Thanks to Chenyuan Mi (@morningbread) for discovering the strchr crashes, giving a working example draft message, and providing the stack traces for the two NULL derefences. --- rfc2047.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/rfc2047.c b/rfc2047.c --- a/rfc2047.c +++ b/rfc2047.c @@ -692,7 +692,7 @@ static int rfc2047_decode_word (char *d, if (*pp == '=') break; if ((*pp & ~127) || (c = base64val(*pp)) == -1) - continue; + goto error_out_0; if (k + 6 >= 8) { k -= 2;
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor