summaryrefslogtreecommitdiffstats
path: root/patches/source/mutt/mutt.CVE-2014-9116.diff
diff options
context:
space:
mode:
Diffstat (limited to 'patches/source/mutt/mutt.CVE-2014-9116.diff')
-rw-r--r--patches/source/mutt/mutt.CVE-2014-9116.diff34
1 files changed, 34 insertions, 0 deletions
diff --git a/patches/source/mutt/mutt.CVE-2014-9116.diff b/patches/source/mutt/mutt.CVE-2014-9116.diff
new file mode 100644
index 00000000..97f6fd81
--- /dev/null
+++ b/patches/source/mutt/mutt.CVE-2014-9116.diff
@@ -0,0 +1,34 @@
+# HG changeset patch
+# User Kevin McCarthy <kevin@8t8.us>
+# Date 1417472364 28800
+# Node ID 0aebf1df43598b442ac75ae4fe17875351854db0
+# Parent 5a86319adad0d17e4acaf8a580bfc9eb247547d0
+Revert write_one_header() to skip space and tab. (closes #3716)
+
+This patch fixes CVE-2014-9116 in the stable branch. It reverts
+write_one_header() to the pre [f251d523ca5a] code for skipping
+whitespace.
+
+Thanks to Antonio Radici and Tomas Hoger for their analysis and patches
+to mutt, which this patch is based off of.
+
+diff -r 5a86319adad0 -r 0aebf1df4359 sendlib.c
+--- a/sendlib.c Mon Jan 05 18:28:59 2015 -0800
++++ b/sendlib.c Mon Dec 01 14:19:24 2014 -0800
+@@ -1814,7 +1814,14 @@
+ {
+ tagbuf = mutt_substrdup (start, t);
+ /* skip over the colon separating the header field name and value */
+- t = skip_email_wsp(t + 1);
++ ++t;
++
++ /* skip over any leading whitespace (WSP, as defined in RFC5322)
++ * NOTE: skip_email_wsp() does the wrong thing here.
++ * See tickets 3609 and 3716. */
++ while (*t == ' ' || *t == '\t')
++ t++;
++
+ valbuf = mutt_substrdup (t, end);
+ }
+ dprint(4,(debugfile,"mwoh: buf[%s%s] too long, "
+