41 lines
1.3 KiB
Diff
41 lines
1.3 KiB
Diff
|
From 4a2becbdb4422aaffe3ce314991b9d670b7adf17 Mon Sep 17 00:00:00 2001
|
||
|
From: Kevin McCarthy <kevin@8t8.us>
|
||
|
Date: Sun, 17 Jan 2021 10:40:37 -0800
|
||
|
Subject: [PATCH] Fix memory leak parsing group addresses without a display
|
||
|
name.
|
||
|
|
||
|
When there was a group address terminator with no previous
|
||
|
addresses (including the group display-name), an address would be
|
||
|
allocated but not attached to the address list.
|
||
|
|
||
|
Change this to only allocate when last exists.
|
||
|
|
||
|
It would be more correct to not allocate at all unless we are inside a
|
||
|
group list, but I will address that in a separate commit to master.
|
||
|
|
||
|
[Retrieved from:
|
||
|
https://git.launchpad.net/ubuntu/+source/mutt/plain/debian/patches/CVE-2021-3181-1.patch?h=import/1.14.6-1ubuntu0.2]
|
||
|
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
|
||
|
---
|
||
|
rfc822.c | 5 ++---
|
||
|
1 file changed, 2 insertions(+), 3 deletions(-)
|
||
|
|
||
|
Index: mutt-1.14.6/rfc822.c
|
||
|
===================================================================
|
||
|
--- mutt-1.14.6.orig/rfc822.c
|
||
|
+++ mutt-1.14.6/rfc822.c
|
||
|
@@ -491,11 +491,10 @@ ADDRESS *rfc822_parse_adrlist (ADDRESS *
|
||
|
#endif
|
||
|
|
||
|
/* add group terminator */
|
||
|
- cur = rfc822_new_address ();
|
||
|
if (last)
|
||
|
{
|
||
|
- last->next = cur;
|
||
|
- last = cur;
|
||
|
+ last->next = rfc822_new_address ();
|
||
|
+ last = last->next;
|
||
|
}
|
||
|
|
||
|
phraselen = 0;
|