Group :: Network/E-Mail
RPM: procmail
Patch: procmail-3.22-taviso-bound-CVE-2014-3618.patch
From: Tavis Ormandy <taviso@google.com>
Date: Wed, 3 Sep 2014 11:52:11 -0700
Message-ID: <CAJ_zFkLvkQyghiMBXd=gAMmQZWgtOW5e1LxSQQ-fYwdymwBRhA@mail.gmail.com>
To: oss-security@lists.openwall.com
Subject: [oss-security] heap overflow in procmail
I noticed a heap overflow in procmail when parsing addresses with
unbalanced quotes. I encountered this by accident when trying to
organize a large Usenet archive; this post to rec.arts.poems causes
formail to crash.
https://groups.google.com/forum/message/raw?msg=alt.arts.poetry.comments/DCuLO3qzovI/CZk15MlfqNkJ
It looks like the fix is
--- a/src/formisc.c 2013-08-04 00:13:33.000000000 -0700
+++ b/src/formisc.c 2014-09-03 11:42:25.986002396 -0700
@@ -84,12 +84,11 @@
case '"':*target++=delim='"';start++;
}
;{ int i;
- do
+ while(*start) /* anything? */
if((i= *target++= *start++)==delim) /* corresponding delimiter? */
break;
else if(i=='\\'&&*start) /* skip quoted character */
*target++= *start++;
- while(*start); /* anything? */
}
hitspc=2;
}
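Review bot: The two `*target++= *start++` copies inside the new `while(*start)` loop still have no visible bound on the destination; the changed condition only guarantees that reading stops at the source terminator. Please document (or assert) near the loop that `target` has room for at least the remainder of `start`, since that invariant is what keeps the write side safe once the read side is fixed. It would also help to expand the `/* anything? */` comment to say why the test has to come before the body: after the `start++` in the `case '"'` line, `start` may already sit on the terminating NUL, and the old `do ... while(*start)` copied that byte, stepped past it, and then tested memory beyond the string. Finally, when the quote is unbalanced the loop now ends without ever matching `delim` and falls through to `hitspc=2` exactly as in the balanced case; a short comment stating that this is intended would make the behaviour explicit.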
Tavis.