diff --git a/bsc907453-CVE-2014-9116-jessie.patch b/bsc907453-CVE-2014-9116-jessie.patch
new file mode 100644
index 0000000..a722920
--- /dev/null
+++ b/bsc907453-CVE-2014-9116-jessie.patch
@@ -0,0 +1,43 @@
+This patch solves the issue raised by CVE-2014-9116 in bug 771125.
+
+We correctly redefine what are the whitespace characters as per RFC5322; by
+doing so we prevent mutt_substrdup from being used in a way that could lead to
+a segfault.
+
+The lib.c part was written by Antonio Radici to prevent
+crashes due to this kind of bugs from happening again.
+
+The wheezy version of this patch is slightly different, therefore this patch
+has -jessie prefixed in its name.
+
+Index: mutt/lib.c
+===================================================================
+--- mutt/lib.c
++++ mutt/lib.c
+@@ -819,6 +819,9 @@ char *mutt_substrdup (const char *begin,
+ size_t len;
+ char *p;
+
++ if (end != NULL && end < begin)
++ return NULL;
++
+ if (end)
+ len = end - begin;
+ else
+Index: mutt/sendlib.c
+===================================================================
+--- mutt/sendlib.c
++++ mutt/sendlib.c
+@@ -1814,7 +1814,11 @@ static int write_one_header (FILE *fp, i
+ {
+ tagbuf = mutt_substrdup (start, t);
+ ++t; /* skip over the colon separating the header field name and value */
+- SKIPWS(t); /* skip over any leading whitespace */
++
++ /* skip over any leading whitespace (WSP, as defined in RFC5322) */
++ while (*t == ' ' || *t == '\t')
++ t++;
++
+ valbuf = mutt_substrdup (t, end);
+ }
+ dprint(4,(debugfile,"mwoh: buf[%s%s] too long, "
diff --git a/mutt.changes b/mutt.changes
index 1ba6b2f..5bc1877 100644
--- a/mutt.changes
+++ b/mutt.changes
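Review bot: In the embedded lib.c hunk, `mutt_substrdup` now returns NULL when `end < begin`, but the embedded sendlib.c hunk still uses `valbuf = mutt_substrdup (t, end);` with no NULL check, and the `dprint` that follows formats buffers with `%s` (its arguments are outside the hunk, so whether `valbuf` reaches it is not visible). The WSP-only loop presumably keeps `t` from running past `end`, which would make the guard defence in depth, but a caller that does hit it trades an oversized copy for a NULL dereference unless it checks the result. I would document the new contract above the guard, e.g. `/* returns NULL if end precedes begin; callers must check */`, and have write_one_header test `valbuf` before it is consumed. Both function bodies continue outside the hunks, so other call sites could not be checked here.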
@@ -1,3 +1,9 @@
+-------------------------------------------------------------------
+Thu Dec 4 12:03:10 UTC 2014 - werner@suse.de
+
+- Add patch bsc907453-CVE-2014-9116-jessie.patch to fix bsc#907453
+ CVE-2014-9116: heap-based buffer overflow in mutt_substrdup()
+
 -------------------------------------------------------------------
 Tue Nov 18 08:15:09 UTC 2014 - lnussel@suse.de
diff --git a/mutt.spec b/mutt.spec
index 30304eb..f38bdac 100644
--- a/mutt.spec
+++ b/mutt.spec
@@ -107,6 +107,8 @@ Patch16: mutt-1.5.21-cariage-return.path
 Patch17: mutt-CVE-2014-0467.patch
 # PATCH-FIX-OPENSUSE bnc#899712 - fallback mailcap for e.g text/html
 Patch18: mutt-1.5.21-mailcap.diff
+# PATCH-FIX-SUSE: bsc#907453 - CVE-2014-9116: mutt: heap-based buffer overflow in mutt_substrdup()
+Patch19: bsc907453-CVE-2014-9116-jessie.patch
 BuildRoot: %{_tmppath}/%{name}-%{version}-build
 %global _sysconfdir %{_sysconfdir}
@@ -141,6 +143,7 @@ done
 %patch16 -p0 -b .crlf
 %patch17 -p1 -b .cve.2014.0467
 %patch18 -p1 -b .mailcap
+%patch19 -p1 -b .cvw2014.9116
 cp doc/Muttrc Muttrc.SuSE
 cp %{S:2} .
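Review bot: The backup suffix on the new `%patch19` line reads `.cvw2014.9116`, which looks like a typo next to the `.cve.2014.0467` suffix used for `%patch17`; `%patch19 -p1 -b .cve.2014.9116` would keep the backup files consistently searchable by CVE id. The `-p1` strip level does match the `mutt/lib.c` and `mutt/sendlib.c` paths in the patch's `Index:` headers, so only the suffix needs changing.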