c1413cd94c
Fixes the following security issue: - CVE-2021-3181: rfc822.c in Mutt through 2.0.4 allows remote attackers to cause a denial of service (mailbox unavailability) by sending email messages with sequences of semicolon characters in RFC822 address fields (aka terminators of empty groups). A small email message from the attacker can cause large memory consumption, and the victim may then be unable to see email messages from other persons. Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
41 lines
1.3 KiB
Diff
41 lines
1.3 KiB
Diff
From 4a2becbdb4422aaffe3ce314991b9d670b7adf17 Mon Sep 17 00:00:00 2001
|
|
From: Kevin McCarthy <kevin@8t8.us>
|
|
Date: Sun, 17 Jan 2021 10:40:37 -0800
|
|
Subject: [PATCH] Fix memory leak parsing group addresses without a display
|
|
name.
|
|
|
|
When there was a group address terminator with no previous
|
|
addresses (including the group display-name), an address would be
|
|
allocated but not attached to the address list.
|
|
|
|
Change this to only allocate when last exists.
|
|
|
|
It would be more correct to not allocate at all unless we are inside a
|
|
group list, but I will address that in a separate commit to master.
|
|
|
|
[Retrieved from:
|
|
https://git.launchpad.net/ubuntu/+source/mutt/plain/debian/patches/CVE-2021-3181-1.patch?h=import/1.14.6-1ubuntu0.2]
|
|
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
|
|
---
|
|
rfc822.c | 5 ++---
|
|
1 file changed, 2 insertions(+), 3 deletions(-)
|
|
|
|
Index: mutt-1.14.6/rfc822.c
|
|
===================================================================
|
|
--- mutt-1.14.6.orig/rfc822.c
|
|
+++ mutt-1.14.6/rfc822.c
|
|
@@ -491,11 +491,10 @@ ADDRESS *rfc822_parse_adrlist (ADDRESS *
|
|
#endif
|
|
|
|
/* add group terminator */
|
|
- cur = rfc822_new_address ();
|
|
if (last)
|
|
{
|
|
- last->next = cur;
|
|
- last = cur;
|
|
+ last->next = rfc822_new_address ();
|
|
+ last = last->next;
|
|
}
|
|
|
|
phraselen = 0;
|