aboutsummaryrefslogtreecommitdiff
Fixes CVE-2014-3618 (heap overflow in formisc.c allowing denial of
service and potential remote execution of arbitrary code).
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3618

Source:
http://seclists.org/oss-sec/2014/q3/495

Adopted by Debian as patch '27':
https://sources.debian.net/src/procmail/3.22-25/debian/patches/27/

--- a/src/formisc.c
+++ b/src/formisc.c
@@ -84,12 +84,11 @@
 	case '"':*target++=delim='"';start++;
       }
      ;{ int i;
-	do
+	while(*start)
 	   if((i= *target++= *start++)==delim)	 /* corresponding delimiter? */
 	      break;
 	   else if(i=='\\'&&*start)		    /* skip quoted character */
 	      *target++= *start++;
-	while(*start);						/* anything? */
       }
      hitspc=2;
    }
generated by cgit
development snapshot....Jan Nieuwenhuizen 2017-09-19gnu: cuirass: Update development snapshot....Ludovic Courtès 2017-09-10gnu: Fix build failures caused by commit...Kei Kebreau 2017-09-04gnu: Put autoconf-related phases immediately after the 'unpack phase....Kei Kebreau 2017-08-17gnu: cuirass: Update to 0.0.1-7.6f85bc0....Ricardo Wurmus 2017-06-20gnu: Move contents of zip module into compression module....Arun Isaac 2017-05-13gnu: guile-json: Rename "guile2.2-json" to "guile-json"....Ludovic Courtès 2017-05-10gnu: cuirass: Update snapshot; switch to Guile 2.2....Ludovic Courtès 2017-03-11gnu: cuirass: Update to 0.0.1 revision 5....Mathieu Othacehe 2017-02-02gnu: cuirass: Update to 0.0.1 revision 4....Mathieu Othacehe 2017-01-09gnu: cuirass: Update to 0.0.1 revision 3....Mathieu Lirzin 2016-12-20gnu: cuirass: Make sure 'cuirass' has 'evaluate' in $PATH....Ludovic Courtès 2016-12-19gnu: cuirass: Add Git to 'PATH'....Ludovic Courtès 2016-12-15gnu: cuirass: Update to revision 2....Mathieu Lirzin 2016-11-29gnu: Add Cuirass....Mathieu Lirzin 2016-09-14gnu: hydra: Update to 20151030.1ff48da....Jan Nieuwenhuizen 2016-06-05gnu: Use full SHA1 commit ids....Hartmut Goebel 2016-04-14gnu: packages: Use 'search-patches' everywhere....Alex Kost