added patch file forgotten in last commit

This commit is contained in:
Matej Muzila 2014-12-03 20:02:14 +01:00
parent e557ff0b9a
commit c3b470bb37
2 changed files with 48 additions and 1 deletions

43
mutt-1.5.23-sendlib.patch Normal file
View File

@ -0,0 +1,43 @@
# HG changeset patch
# User Kevin McCarthy <kevin@8t8.us>
# Date 1417472364 28800
# Mon Dec 01 14:19:24 2014 -0800
# Branch stable
# Node ID 54c59aaf88b9f6b50f1078fc6f7551fa9315ac3e
# Parent 1b583341d5ad677c8a1935eb4110eba27606878a
Revert write_one_header() to skip space and tab. (closes #3716)
This patch fixes CVE-2014-9116 in the stable branch. It reverts
write_one_header() to the pre [f251d523ca5a] code for skipping
whitespace.
Thanks to Antonio Radici and Tomas Hoger for their analysis and patches
to mutt, which this patch is based off of.
diff --git a/sendlib.c b/sendlib.c
--- a/sendlib.c
+++ b/sendlib.c
@@ -1809,17 +1809,22 @@
{
tagbuf = NULL;
valbuf = mutt_substrdup (start, end);
}
else
{
tagbuf = mutt_substrdup (start, t);
/* skip over the colon separating the header field name and value */
- t = skip_email_wsp(t + 1);
+ ++t;
+
+ /* skip over any leading whitespace (WSP, as defined in RFC5322) */
+ while (*t == ' ' || *t == '\t')
+ t++;
+
valbuf = mutt_substrdup (t, end);
}
dprint(4,(debugfile,"mwoh: buf[%s%s] too long, "
"max width = %d > %d\n",
NONULL(pfx), valbuf, max, wraplen));
if (fold_one_header (fp, tagbuf, valbuf, pfx, wraplen, flags) < 0)
return -1;
FREE (&tagbuf);

View File

@ -18,7 +18,7 @@
Summary: A text mode mail user agent
Name: mutt
Version: 1.5.23
Release: 6%{?dist}
Release: 7%{?dist}
Epoch: 5
# The entire source code is GPLv2+ except
# pgpewrap.c setenv.c sha1.c wcwidth.c which are Public Domain
@ -186,6 +186,10 @@ ln -sf ./muttrc.5 $RPM_BUILD_ROOT%{_mandir}/man5/muttrc.local.5
%changelog
* Wed Dec 03 2014 Matej Muzila <mmuzila@redhat.com> - 5:1.5.23-7
- added patch file forgotten in last commit
* Wed Dec 03 2014 Matej Muzila <mmuzila@redhat.com> - 5:1.5.23-6
- resolves #1168464 (CVE-2014-9116)