mirror of
https://git.in.rschanz.org/ryan77627/guix.git
synced 2024-11-16 11:55:27 -05:00
708d3ec0de
* gnu/packages/patches/mutt-CVE-2021-3181.patch: New file. * gnu/local.mk (dist_patch_DATA): Add it. * gnu/packages/mail.scm (mutt)[source]: Use it.
45 lines
1.2 KiB
Diff
45 lines
1.2 KiB
Diff
Fix CVE-2021-3181:
|
|
|
|
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3181
|
|
|
|
Patch copied from upstream source repository:
|
|
|
|
https://gitlab.com/muttmua/mutt/-/commit/c059e20ea4c7cb3ee9ffd3500ffe313ae84b2545
|
|
|
|
From c059e20ea4c7cb3ee9ffd3500ffe313ae84b2545 Mon Sep 17 00:00:00 2001
|
|
From: Kevin McCarthy <kevin@8t8.us>
|
|
Date: Sun, 17 Jan 2021 10:40:37 -0800
|
|
Subject: [PATCH] Fix memory leak parsing group address.
|
|
|
|
When there was a group address terminator with no previous addresses,
|
|
an address would be allocated but not attached to the address list.
|
|
|
|
Change this to only allocate when last exists.
|
|
|
|
It would be more correct to not allocate at all unless we are inside a
|
|
group list, but I will address that in a separate commit to master.
|
|
---
|
|
rfc822.c | 5 ++---
|
|
1 file changed, 2 insertions(+), 3 deletions(-)
|
|
|
|
diff --git a/rfc822.c b/rfc822.c
|
|
index 7ff4eaa3..ced619f2 100644
|
|
--- a/rfc822.c
|
|
+++ b/rfc822.c
|
|
@@ -587,11 +587,10 @@ ADDRESS *rfc822_parse_adrlist (ADDRESS *top, const char *s)
|
|
#endif
|
|
|
|
/* add group terminator */
|
|
- cur = rfc822_new_address ();
|
|
if (last)
|
|
{
|
|
- last->next = cur;
|
|
- last = cur;
|
|
+ last->next = rfc822_new_address ();
|
|
+ last = last->next;
|
|
}
|
|
|
|
phraselen = 0;
|
|
--
|
|
GitLab
|
|
|