fix CVE-2021-3181
This commit is contained in:
zhanghua1831
parent
d056258811
commit
fa233dd501
39
CVE-2021-3181.patch
Normal file
39
CVE-2021-3181.patch
Normal file
@ -0,0 +1,39 @@
|
||||
From 4a2becbdb4422aaffe3ce314991b9d670b7adf17 Mon Sep 17 00:00:00 2001
|
||||
From: Kevin McCarthy <kevin@8t8.us>
|
||||
Date: Sun, 17 Jan 2021 10:40:37 -0800
|
||||
Subject: [PATCH] Fix memory leak parsing group addresses without a display
|
||||
name.
|
||||
|
||||
When there was a group address terminator with no previous
|
||||
addresses (including the group display-name), an address would be
|
||||
allocated but not attached to the address list.
|
||||
|
||||
Change this to only allocate when last exists.
|
||||
|
||||
It would be more correct to not allocate at all unless we are inside a
|
||||
group list, but I will address that in a separate commit to master.
|
||||
---
|
||||
rfc822.c | 5 ++---
|
||||
1 file changed, 2 insertions(+), 3 deletions(-)
|
||||
|
||||
diff --git a/rfc822.c b/rfc822.c
|
||||
index 7ff4eaa3..ced619f2 100644
|
||||
--- a/rfc822.c
|
||||
+++ b/rfc822.c
|
||||
@@ -587,11 +587,10 @@ ADDRESS *rfc822_parse_adrlist (ADDRESS *top, const char *s)
|
||||
#endif
|
||||
|
||||
/* add group terminator */
|
||||
- cur = rfc822_new_address ();
|
||||
if (last)
|
||||
{
|
||||
- last->next = cur;
|
||||
- last = cur;
|
||||
+ last->next = rfc822_new_address ();
|
||||
+ last = last->next;
|
||||
}
|
||||
|
||||
phraselen = 0;
|
||||
--
|
||||
GitLab
|
||||
|
||||
@ -1,6 +1,6 @@
|
||||
Name: mutt
|
||||
Version: 1.10.1
|
||||
Release: 3
|
||||
Release: 4
|
||||
Epoch: 5
|
||||
Summary: Text-based mail client
|
||||
License: GPLv2+ and Public Domain
|
||||
@ -16,6 +16,7 @@ Patch3: mutt-1.7.0-syncdebug.patch
|
||||
Patch8: mutt-1.5.23-system_certs.patch
|
||||
Patch9: mutt-1.9.0-ssl_ciphers.patch
|
||||
Patch13: CVE-2020-28896.patch
|
||||
Patch14: CVE-2021-3181.patch
|
||||
|
||||
BuildRequires: gcc ncurses-devel gettext automake /usr/bin/xsltproc
|
||||
BuildRequires: lynx docbook-style-xsl perl-interpreter perl-generators
|
||||
@ -120,6 +121,9 @@ ln -sf ./muttrc.5 %{buildroot}%{_mandir}/man5/muttrc.local.5
|
||||
%{_mandir}/man5/muttrc.*
|
||||
|
||||
%changelog
|
||||
* Sat Feb 20 2021 zhanghua<zhanghua40@huawei.com> - 1.10.1-4
|
||||
- fix CVE-2021-3181
|
||||
|
||||
* Thu Jan 07 2021 wangyue<wangyue92@huawei.com> - 1.10.1-3
|
||||
- fix CVE-2020-28896
|
||||
|
||||
|
||||
Loading…
x
Reference in New Issue
Block a user