kumquat-buildroot/package/mutt/0002-CVE-2021-3181-1.patch

41 lines
1.3 KiB
Diff
Raw Normal View History

From 4a2becbdb4422aaffe3ce314991b9d670b7adf17 Mon Sep 17 00:00:00 2001
From: Kevin McCarthy <kevin@8t8.us>
Date: Sun, 17 Jan 2021 10:40:37 -0800
Subject: [PATCH] Fix memory leak parsing group addresses without a display
name.
When there was a group address terminator with no previous
addresses (including the group display-name), an address would be
allocated but not attached to the address list.
Change this to only allocate when last exists.
It would be more correct to not allocate at all unless we are inside a
group list, but I will address that in a separate commit to master.
[Retrieved from:
https://git.launchpad.net/ubuntu/+source/mutt/plain/debian/patches/CVE-2021-3181-1.patch?h=import/1.14.6-1ubuntu0.2]
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
---
rfc822.c | 5 ++---
1 file changed, 2 insertions(+), 3 deletions(-)
Index: mutt-1.14.6/rfc822.c
===================================================================
--- mutt-1.14.6.orig/rfc822.c
+++ mutt-1.14.6/rfc822.c
@@ -491,11 +491,10 @@ ADDRESS *rfc822_parse_adrlist (ADDRESS *
#endif
/* add group terminator */
- cur = rfc822_new_address ();
if (last)
{
- last->next = cur;
- last = cur;
+ last->next = rfc822_new_address ();
+ last = last->next;
}
phraselen = 0;