gnu/packages/patches/procmail-CVE-2014-3618.patch

   1 Fixes CVE-2014-3618 (heap overflow in formisc.c allowing denial of
   2 service and potential remote execution of arbitrary code).
   3 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3618
   4
   5 Source:
   6 http://seclists.org/oss-sec/2014/q3/495
   7
   8 Adopted by Debian as patch '27':
   9 https://sources.debian.net/src/procmail/3.22-25/debian/patches/27/
  10
  11 --- a/src/formisc.c
  12 +++ b/src/formisc.c
  13 @@ -84,12 +84,11 @@
  14         case '"':*target++=delim='"';start++;
  15        }
  16       ;{ int i;
  17 -       do
  18 +       while(*start)
  19            if((i= *target++= *start++)==delim)   /* corresponding delimiter? */
  20               break;
  21            else if(i=='\\'&&*start)                 /* skip quoted character */
  22               *target++= *start++;
  23 -       while(*start);                                          /* anything? */
  24        }
  25       hitspc=2;
  26     }