[procmail] Added crash-fixes patch
Jaroslav Škarvada
jskarvad at fedoraproject.org
Thu Mar 19 09:52:47 UTC 2015
commit 7415631c789ed6d788185c2a8a4c634a2b1105d2
Author: Jaroslav Škarvada <jskarvad at redhat.com>
Date: Thu Mar 19 10:51:00 2015 +0100
Added crash-fixes patch
Signed-off-by: Jaroslav Škarvada <jskarvad at redhat.com>
procmail-3.22-crash-fix.patch | 48 +++++++++++++++++++++++++++++++++++++++++++
procmail.spec | 2 +-
2 files changed, 49 insertions(+), 1 deletion(-)
---
diff --git a/procmail-3.22-crash-fix.patch b/procmail-3.22-crash-fix.patch
new file mode 100644
index 0000000..b393d8b
--- /dev/null
+++ b/procmail-3.22-crash-fix.patch
@@ -0,0 +1,48 @@
+From: Tero Marttila <terom at fixme.fi>
+Subject: Fix off-by-one error that makes procmail to segfault on certain .procmailrc files
+
+--- a/src/cstdio.c
++++ b/src/cstdio.c
+@@ -144,7 +144,7 @@
+ { case '\n':case EOF:*q='\0';
+ return overflow?-1:p!=q; /* did we read anything at all? */
+ }
+- if(q==end) /* check here so that a trailing backslash won't be lost */
++ if(q>=end) /* check here so that a trailing backslash won't be lost */
+ q=p,overflow=1;
+ *q++=i;
+ }
+@@ -199,7 +199,7 @@
+ if(*(target=strchr(target,'\0')-1)=='\\')
+ { if(chp2!=target) /* non-empty line? */
+ target++; /* then preserve the backslash */
+- if(target>end-2) /* space enough for getbl? */
++ if(target>=end-2) /* space enough for getbl? */
+ target=end-linebuf,overflow=1; /* toss what we have */
+ continue;
+ }
+From: Jan Darmochwal <jdarmochwal at gmx.de>
+Subject: formail memory corruption fixes
+
+--- a/src/formail.c
++++ b/src/formail.c
+@@ -219,7 +219,7 @@
+ if(i>=0&&(i!=maxindex(sest)||fldp==rdheader)) /* found anything? */
+ { char*saddr;char*tmp; /* determine the weight */
+ nowm=areply&&headreply?headreply==1?sest[i].wrepl:sest[i].wrrepl:i;chp+=j;
+- tmp=malloc(j=fldp->Tot_len-j);tmemmove(tmp,chp,j);(chp=tmp)[j-1]='\0';
++ tmp=malloc((j=fldp->Tot_len-j) + 1);tmemmove(tmp,chp,j);(chp=tmp)[j-1]='\0';
+ if(sest[i].head==From_)
+ { char*pastad;
+ if(strchr(saddr=chp,'\n')) /* multiple From_ lines */
+--- a/src/formisc.c
++++ b/src/formisc.c
+@@ -66,7 +66,7 @@
+ retz: *target='\0';
+ ret: return start;
+ }
+- if(*start=='\\')
++ if(*start=='\\' && *(start + 1))
+ *target++='\\',start++;
+ hitspc=2;
+ goto normal; /* normal word */
diff --git a/procmail.spec b/procmail.spec
index 06756d7..588569e 100644
--- a/procmail.spec
+++ b/procmail.spec
@@ -82,7 +82,7 @@ rm -rf ${RPM_BUILD_ROOT}
%changelog
* Thu Mar 19 2015 Jaroslav Škarvada <jskarvad at redhat.com> - 3.22-37
-- Fixed more buffer overflows and memory corruptions
+- Fixed more buffer overflows and memory corruptions (by crash-fix patch)
* Thu Sep 4 2014 Jaroslav Škarvada <jskarvad at redhat.com> - 3.22-36
- Fixed buffer overflow in formail
More information about the scm-commits
mailing list