Re: [bug-mailutils] Buffer overflow (likely off-by-one vuln) in 'mail'.
From: Sergey Poznyakoff
Subject: Re: [bug-mailutils] Buffer overflow (likely off-by-one vuln) in 'mail'.
Date: Wed, 03 Dec 2014 13:35:32 +0200
Hi Joshua,
Thanks for reporting. I installed the following patch.
Regards,
Sergey
>From 7d96ed9c94cdb116c5c84213a597b8b0a37e80ad Mon Sep 17 00:00:00 2001
From: Sergey Poznyakoff <address@hidden>
Date: Wed, 3 Dec 2014 13:25:34 +0200
Subject: [PATCH] Fix eventual memory overrun
* mail/mail.c (mail_mainloop): Check command length before
trying to access its last byte.
---
mail/mail.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/mail/mail.c b/mail/mail.c
index f072e34..afdadd4 100644
--- a/mail/mail.c
+++ b/mail/mail.c
@@ -558,7 +558,7 @@ mail_mainloop (char *(*input) (void *, int),
while ((command = (*input) (closure, 0)) != NULL)
{
int len = strlen (command);
- while (command[len-1] == '\\')
+ while (len > 0 && command[len-1] == '\\')
{
char *buf;
char *command2 = (*input) (closure, 1);
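Review bot: The new "len > 0" test in the while condition only protects later passes if len is recomputed inside the loop body after command2 is appended, and that update is not visible in this context, so it is worth confirming. With an empty command, strlen returns 0 and the old condition read command[-1], one byte before the buffer; the guard closes that case on entry. Separately, in the context line "int len = strlen (command);" the size_t result is narrowed to int; declaring len as size_t would keep the same guard valid and avoid a negative index on very long input. The visible lines also show no NULL check on command2 before it is used, which matters if input ends right after a trailing backslash.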
--
1.7.12.1