Commit | Line | Data |
---|---|---|
1d982d78 LF |
1 | Fixes CVE-2014-3618 (heap overflow in formisc.c allowing denial of |
2 | service and potential remote execution of arbitrary code). | |
3 | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3618 | |
4 | ||
5 | Source: | |
6 | http://seclists.org/oss-sec/2014/q3/495 | |
7 | ||
8 | Adopted by Debian as patch '27': | |
9 | https://sources.debian.net/src/procmail/3.22-25/debian/patches/27/ | |
10 | ||
11 | --- a/src/formisc.c | |
12 | +++ b/src/formisc.c | |
13 | @@ -84,12 +84,11 @@ | |
14 | case '"':*target++=delim='"';start++; | |
15 | } | |
16 | ;{ int i; | |
17 | - do | |
18 | + while(*start) | |
19 | if((i= *target++= *start++)==delim) /* corresponding delimiter? */ | |
20 | break; | |
21 | else if(i=='\\'&&*start) /* skip quoted character */ | |
22 | *target++= *start++; | |
23 | - while(*start); /* anything? */ | |
24 | } | |
25 | hitspc=2; | |
26 | } |