vp-build/srcpkgs/mutt/patches/CVE-2014-9116.patch

This patch solves the issue raised by CVE-2014-9116.

We correctly redefine what are the whitespace characters as per RFC5322; by
doing so we prevent mutt_substrdup from being used in a way that could lead to
a segfault.

The lib.c part was written by Antonio Radici <antonio@debian.org> to prevent
crashes due to this kind of bugs from happening again.

--- lib.c.orig
+++ lib.c
@@ -815,6 +815,9 @@ char *mutt_substrdup (const char *begin,
   size_t len;
   char *p;
 
+  if (end != NULL && end < begin)
+    return NULL;
+
   if (end)
     len = end - begin;
   else
--- lib.h.orig
+++ lib.h
@@ -98,7 +98,7 @@
    on some systems */
 # define SKIPWS(c) while (*(c) && isspace ((unsigned char) *(c))) c++;
 
-#define EMAIL_WSP " \t\r\n"
+#define EMAIL_WSP " \t\r"
 
 /* skip over WSP as defined by RFC5322.  This is used primarily for parsing
  * header fields. */
mutt: patch for CVE-2014-9116 2014-12-01 01:01:12 +01:00			`This patch solves the issue raised by CVE-2014-9116.`

			`We correctly redefine what are the whitespace characters as per RFC5322; by`
			`doing so we prevent mutt_substrdup from being used in a way that could lead to`
			`a segfault.`

			`The lib.c part was written by Antonio Radici <antonio@debian.org> to prevent`
			`crashes due to this kind of bugs from happening again.`

			`--- lib.c.orig`
			`+++ lib.c`
			`@@ -815,6 +815,9 @@ char mutt_substrdup (const char begin,`
			`size_t len;`
			`char *p;`

			`+ if (end != NULL && end < begin)`
			`+ return NULL;`
			`+`
			`if (end)`
			`len = end - begin;`
			`else`
			`--- lib.h.orig`
			`+++ lib.h`
			`@@ -98,7 +98,7 @@`
			`on some systems */`
			`# define SKIPWS(c) while ((c) && isspace ((unsigned char) (c))) c++;`

			`-#define EMAIL_WSP " \t\r\n"`
			`+#define EMAIL_WSP " \t\r"`

			`/* skip over WSP as defined by RFC5322. This is used primarily for parsing`
			`* header fields. */`