mail/mutt/patches/100-CVE-2014-9116.patch

   1 From: Antonio Radici <antonio@debian.org>
   2 Date: Fri, 18 Sep 2015 11:48:47 +0200
   3 Subject: 771125-CVE-2014-9116-jessie
   4
   5 This patch solves the issue raised by CVE-2014-9116 in bug 771125.
   6
   7 We correctly redefine what are the whitespace characters as per RFC5322; by
   8 doing so we prevent mutt_substrdup from being used in a way that could lead to
   9 a segfault.
  10
  11 The lib.c part was written by Antonio Radici <antonio@debian.org> to prevent
  12 crashes due to this kind of bugs from happening again.
  13
  14 Signed-off-by: Matteo F. Vescovi <mfv@debian.org>
  15 ---
  16  lib.c | 3 +++
  17  1 file changed, 3 insertions(+)
  18
  19 diff -rupN a/lib.c b/lib.c
  20 --- a/lib.c
  21 +++ b/lib.c
  22 @@ -815,6 +815,9 @@ char *mutt_substrdup (const char *begin,
  23    size_t len;
  24    char *p;
  25
  26 +  if (end != NULL && end < begin)
  27 +    return NULL;
  28 +
  29    if (end)
  30      len = end - begin;
  31    else