Fix IMAP buffer overflow:

http://www.securityfocus.com/bid/18642 PR: ports/99614 [1], ports/99610 [2] Submitted by: Udo Schweigert <udo.schweigert@siemens.com> (maintainer) [1], J.P. Dinger <jpd@vvtp.tudelft.nl> [2] Approved by: ahze (mentor)
svn path=/head/; revision=166659
2024-12-21 04:06:46 +00:00 · 2006-06-30 14:38:26 +00:00 · 2006-06-30 14:38:26 +00:00 · 87619bad1d · 2021-03-31 03:12:20 +00:00
commit 87619bad1d
parent d9db0b6f3e
4 changed files with 58 additions and 2 deletions
--- a/mail/mutt/Makefile
+++ b/mail/mutt/Makefile
@ -8,7 +8,7 @@

 PORTNAME=	mutt
 PORTVERSION=	1.4.2.1
-PORTREVISION=	2
+PORTREVISION=	3
 CATEGORIES+=	mail ipv6
 MASTER_SITES=	ftp://ftp.mutt.org/mutt/ \
 		ftp://ftp.fu-berlin.de/pub/unix/mail/mutt/ \
--- a/mail/mutt/files/patch-imap-browse.c
+++ b/mail/mutt/files/patch-imap-browse.c
@ -0,0 +1,28 @@
+--- imap/browse.c.orig
+++ imap/browse.c
+@@ -505,7 +505,7 @@ static int browse_get_namespace (IMAP_DA
+ 	    if (*s == '\"')
+ 	    {
+ 	      s++;
+-	      while (*s && *s != '\"') 
+	      while (*s && *s != '\"' && n < sizeof (ns) - 1) 
+ 	      {
+ 		if (*s == '\\')
+ 		  s++;
+@@ -516,12 +516,14 @@ static int browse_get_namespace (IMAP_DA
+ 		s++;
+ 	    }
+ 	    else
+-	      while (*s && !ISSPACE (*s)) 
+	      while (*s && !ISSPACE (*s) && n < sizeof (ns) - 1)
+ 	      {
+ 		ns[n++] = *s;
+ 		s++;
+ 	      }
+ 	    ns[n] = '\0';
+	    if (n == sizeof (ns) - 1)
+	      dprint (1, (debugfile, "browse_get_namespace: too long: [%s]\n", ns));
+ 	    /* delim? */
+ 	    s = imap_next_word (s);
+ 	    /* delimiter is meaningless if namespace is "". Why does
+
--- a/mail/mutt14/Makefile
+++ b/mail/mutt14/Makefile
@ -8,7 +8,7 @@

 PORTNAME=	mutt
 PORTVERSION=	1.4.2.1
-PORTREVISION=	2
+PORTREVISION=	3
 CATEGORIES+=	mail ipv6
 MASTER_SITES=	ftp://ftp.mutt.org/mutt/ \
 		ftp://ftp.fu-berlin.de/pub/unix/mail/mutt/ \
--- a/mail/mutt14/files/patch-imap-browse.c
+++ b/mail/mutt14/files/patch-imap-browse.c
@ -0,0 +1,28 @@
+--- imap/browse.c.orig
+++ imap/browse.c
+@@ -505,7 +505,7 @@ static int browse_get_namespace (IMAP_DA
+ 	    if (*s == '\"')
+ 	    {
+ 	      s++;
+-	      while (*s && *s != '\"') 
+	      while (*s && *s != '\"' && n < sizeof (ns) - 1) 
+ 	      {
+ 		if (*s == '\\')
+ 		  s++;
+@@ -516,12 +516,14 @@ static int browse_get_namespace (IMAP_DA
+ 		s++;
+ 	    }
+ 	    else
+-	      while (*s && !ISSPACE (*s)) 
+	      while (*s && !ISSPACE (*s) && n < sizeof (ns) - 1)
+ 	      {
+ 		ns[n++] = *s;
+ 		s++;
+ 	      }
+ 	    ns[n] = '\0';
+	    if (n == sizeof (ns) - 1)
+	      dprint (1, (debugfile, "browse_get_namespace: too long: [%s]\n", ns));
+ 	    /* delim? */
+ 	    s = imap_next_word (s);
+ 	    /* delimiter is meaningless if namespace is "". Why does
+