[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[nmh-commits] [SCM] The nmh Mail Handling System branch, master, updated
|
From: |
Ralph Corderoy |
|
Subject: |
[nmh-commits] [SCM] The nmh Mail Handling System branch, master, updated. 1.7-branchpoint-662-ged580c2 |
|
Date: |
Tue, 11 May 2021 12:27:02 -0400 (EDT) |
This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "The nmh Mail Handling System".
The branch, master has been updated
via ed580c20351143aae8c8015c1fec8a5f6c28446c (commit)
via 01c196ea355394343a4ba649f48cb59c8c762def (commit)
via 7e60b496a0f69aea63e3924695edb1b59e81ebe7 (commit)
from b5e87ebb944ca96900102e407f237628c72a695b (commit)
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
- Log -----------------------------------------------------------------
commit ed580c20351143aae8c8015c1fec8a5f6c28446c
Author: Ralph Corderoy <ralph@inputplus.co.uk>
Date: Mon May 10 15:54:06 2021 +0100
sbr/fmt_rfc2047.c: avoid buffer overflow when iconv(3) not used.
If iconv(3) is available then when the available space in the caller's
output buffer reached zero, measured by âdstlenâ, decode_rfc2047()'s
ADDCHR2() macro would jump to the âiconvbuffullâ label which would do
nothing if iconv() wasn't needed for the character set allow the loop to
continue past the end of the buffer.
The fix is to spot iconv isn't being used and jump to the normal
âbuffullâ label.
This was causing mhl(1) to SIGSEGV on an email with lots of Subject
fields where the total field values needed more than the 8Â KiB buffer to
display them all as one Subject field.
commit 01c196ea355394343a4ba649f48cb59c8c762def
Author: Ralph Corderoy <ralph@inputplus.co.uk>
Date: Mon May 10 15:19:43 2021 +0100
sbr/fmt_rfc2047.c: fix buffer overflow due to ADDCHR2() not being used.
The existing ADDCHR2() macro appends a byte to the buffer at âqâ and
then detects that byte filling the buffer's last free element by a
parallel count of the space remaining reaching zero. But the value of a
quoted-printable byte, e.g. â=42â for âBâ, was being stored with
â*q++â,
without decrementing the space remaining and bypassing the check for
exhaustion. This meant further writes continued pass the end of the
buffer until ADDCHR2() was used which wrote one overflowing byte of its
own, decremented the space-remaining count from one to zero, and treated
the buffer as full. Overall, memory corruption of what followed the
caller's buffer results.
commit 7e60b496a0f69aea63e3924695edb1b59e81ebe7
Author: Ralph Corderoy <ralph@inputplus.co.uk>
Date: Sun May 9 14:15:35 2021 +0100
sbr/context_find.c: simplify context_find_by_type()'s logic.
-----------------------------------------------------------------------
Summary of changes:
sbr/context_find.c | 26 ++++++++++++--------------
sbr/fmt_rfc2047.c | 13 +++++++++++--
2 files changed, 23 insertions(+), 16 deletions(-)
hooks/post-receive
--
The nmh Mail Handling System
| [Prev in Thread] |
Current Thread |
[Next in Thread] |
- [nmh-commits] [SCM] The nmh Mail Handling System branch, master, updated. 1.7-branchpoint-662-ged580c2,
Ralph Corderoy <=