void-packages/srcpkgs/procmail/patches/CVE-2014-3618.patch


From: Tavis Ormandy
Subject: formail heap overflow. CVE-2014-3618
Bug-Debian: http://bugs.debian.org/704675
Bug-Debian: http://bugs.debian.org/760443
X-Debian-version: 3.22-22
--- a/src/formisc.c
+++ b/src/formisc.c
@@ -84,12 +84,11 @@
case '"':*target++=delim='"';start++;
}
;{ int i;
- do
+ while(*start)
if((i= *target++= *start++)==delim) /* corresponding delimiter? */
break;
else if(i=='\\'&&*start) /* skip quoted character */
*target++= *start++;
- while(*start); /* anything? */
}
hitspc=2;
}
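Review bot: The new `while(*start)` test has no comment explaining why it must run before the first copy, and the removed `/* anything? */` was the only hint, so a later cleanup could fold it back into a do-while. Something like `while(*start) /* start may already be on the NUL once the opening delimiter was consumed */` would record the reason. With the old do-while the body ran once even when `start` pointed at the terminator, copying the NUL and advancing both pointers past the end of the string, which appears to be the overflow named in the subject line. The writes through `target` remain unbounded in the visible lines; the destination's size is set outside this hunk, so it is worth confirming that the caller allocates at least as many bytes as the input holds. The enclosing function starts and ends outside the hunk.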