kumquat-buildroot/package/mutt/0003-CVE-2021-3181-2.patch
Peter Korsgaard c1413cd94c package/mutt: add security fixes from Ubuntu for CVE-2021-3181
Fixes the following security issue:

- CVE-2021-3181: rfc822.c in Mutt through 2.0.4 allows remote attackers to
  cause a denial of service (mailbox unavailability) by sending email
  messages with sequences of semicolon characters in RFC822 address fields
  (aka terminators of empty groups).  A small email message from the
  attacker can cause large memory consumption, and the victim may then be
  unable to see email messages from other persons.

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2021-01-29 09:30:02 +01:00

54 lines
1.6 KiB
Diff

From 939b02b33ae29bc0d642570c1dcfd4b339037d19 Mon Sep 17 00:00:00 2001
From: Kevin McCarthy <kevin@8t8.us>
Date: Sun, 17 Jan 2021 10:53:19 -0800
Subject: [PATCH] Don't allocate a group terminator unless we are in a
group-list.
This will reduce memory allocation for garbage/spam address lists.
It also makes no sense to store a terminator when there wasn't a
display-name indicating the start of a group.
[Retrieved from:
https://git.launchpad.net/ubuntu/+source/mutt/plain/debian/patches/CVE-2021-3181-2.patch?h=import/1.14.6-1ubuntu0.2]
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
---
rfc822.c | 6 ++++--
1 file changed, 4 insertions(+), 2 deletions(-)
Index: mutt-1.14.6/rfc822.c
===================================================================
--- mutt-1.14.6.orig/rfc822.c
+++ mutt-1.14.6/rfc822.c
@@ -378,7 +378,7 @@ add_addrspec (ADDRESS **top, ADDRESS **l
ADDRESS *rfc822_parse_adrlist (ADDRESS *top, const char *s)
{
- int ws_pending, nl;
+ int ws_pending, nl, in_group = 0;
#ifdef EXACT_ADDRESS
const char *begin;
#endif
@@ -455,6 +455,7 @@ ADDRESS *rfc822_parse_adrlist (ADDRESS *
terminate_buffer (phrase, phraselen);
cur->mailbox = safe_strdup (phrase);
cur->group = 1;
+ in_group = 1;
if (last)
last->next = cur;
@@ -491,11 +492,12 @@ ADDRESS *rfc822_parse_adrlist (ADDRESS *
#endif
/* add group terminator */
- if (last)
+ if (last && in_group)
{
last->next = rfc822_new_address ();
last = last->next;
}
+ in_group = 0;
phraselen = 0;
commentlen = 0;