debian/patches/86_Avoid-crash-with-badly-terminated-non-recognised-mim.patch

   1 From e7c25d5b603a33e677efc4bccb6e5cac617e7ad5 Mon Sep 17 00:00:00 2001
   2 From: Jeremy Harris <jgh146exb@wizmail.org>
   3 Date: Thu, 1 Jan 2015 21:47:10 +0000
   4 Subject: [PATCH] Avoid crash with badly-terminated non-recognised mime
   5  parameter
   6
   7 ---
   8  src/mime.c                  | 18 +++++++++++-------
   9  test/log/4000                   |  3 +++
  10  test/mail/4000.userx            | 42 +++++++++++++++++++++++++++++++++++++++++
  11  test/scripts/4000-scanning/4000 | 32 +++++++++++++++++++++++++++++++
  12  test/stdout/4000                | 11 +++++++++++
  13  5 files changed, 99 insertions(+), 7 deletions(-)
  14
  15 diff --git a/src/mime.c b/src/mime.c
  16 index e5fe476..948dd78 100644
  17 --- a/src/mime.c
  18 +++ b/src/mime.c
  19 @@ -589,6 +589,7 @@ DECODE_HEADERS:
  20  NEXT_PARAM_SEARCH:
  21         while (*p)
  22           {
  23 +         /* debug_printf("  considering paramlist '%s'\n", p); */
  24           mime_parameter * mp;
  25           for (mp = mime_parameter_list;
  26                mp < &mime_parameter_list[mime_parameter_list_size];
  27 @@ -623,7 +624,7 @@ NEXT_PARAM_SEARCH:
  28
  29                 param_value = rfc2047_decode(param_value,
  30                       check_rfc2047_length, NULL, 32, NULL, &dummy);
  31 -               debug_printf("Found %s MIME parameter in %s header, "
  32 +               debug_printf(" Found %s MIME parameter in %s header, "
  33                       "value is '%s'\n", mp->name, mime_header_list[i].name,
  34                       param_value);
  35                 }
  36 @@ -631,14 +632,17 @@ NEXT_PARAM_SEARCH:
  37               goto NEXT_PARAM_SEARCH;
  38             }
  39           }
  40 -         /* There is something, but not one of our interesting parameters.
  41 -            Advance to the next semicolon */
  42 -         while(*p != ';')
  43 +       /* There is something, but not one of our interesting parameters.
  44 +          Advance to the next unquoted semicolon */
  45 +       while(*p && *p != ';')
  46 +         if (*p == '"')
  47             {
  48 -           if (*p == '"') while(*++p && *p != '"') ;
  49 -           p++;
  50 +           while(*++p && *p != '"') ;
  51 +           if (*p) p++;
  52             }
  53 -         p++;
  54 +         else
  55 +           p++;
  56 +       if (*p) p++;
  57         }
  58        }
  59    }