Commit | Line | Data |
---|---|---|
c297e965 LF |
1 | Fix CVE-2017-16844: |
2 | ||
3 | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16844 | |
4 | https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=876511 | |
5 | ||
6 | Patch copied from Debian procmail package 3.22-26: | |
7 | ||
8 | http://http.debian.net/debian/pool/main/p/procmail/procmail_3.22-26.debian.tar.xz | |
9 | ||
10 | From: Santiago Vila <sanvila@debian.org> | |
11 | Subject: Fix heap-based buffer overflow in loadbuf() | |
12 | Bug-Debian: http://bugs.debian.org/876511 | |
13 | X-Debian-version: 3.22-26 | |
14 | ||
15 | --- a/src/formisc.c | |
16 | +++ b/src/formisc.c | |
17 | @@ -103,7 +103,7 @@ | |
18 | } | |
19 | /* append to buf */ | |
20 | void loadbuf(text,len)const char*const text;const size_t len; | |
21 | -{ if(buffilled+len>buflen) /* buf can't hold the text */ | |
22 | +{ while(buffilled+len>buflen) /* buf can't hold the text */ | |
23 | buf=realloc(buf,buflen+=Bsize); | |
24 | tmemmove(buf+buffilled,text,len);buffilled+=len; | |
25 | } |