19564032 problem in UTILITY/PROCMAIL
authorJohn Beck <John.Beck@Oracle.COM>
Thu, 04 Sep 2014 13:24:25 -0700
changeset 2067 e8c3cd17d19f
parent 2066 8fb2a0f2267c
child 2068 4e371f01e40f
19564032 problem in UTILITY/PROCMAIL
components/procmail/patches/06.CVE-2014-3618.patch
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/components/procmail/patches/06.CVE-2014-3618.patch	Thu Sep 04 13:24:25 2014 -0700
@@ -0,0 +1,22 @@
+This patch comes from upstream:
+
+http://seclists.org/oss-sec/2014/q3/495
+
+We presume it will be part of a future release of procmail.
+
+--- procmail-3.22/src/formisc.c.~2~	2014-09-04 08:56:27.832599147 -0700
++++ procmail-3.22/src/formisc.c	2014-09-04 08:56:54.543558430 -0700
[email protected]@ -84,12 +84,11 @@
+ 	case '"':*target++=delim='"';start++;
+       }
+      ;{ int i;
+-	do
++	while(*start)
+ 	   if((i= *target++= *start++)==delim)	 /* corresponding delimiter? */
+ 	      break;
+ 	   else if(i=='\\'&&*start)		    /* skip quoted character */
+ 	      *target++= *start++;
+-	while(*start);						/* anything? */
+       }
+      hitspc=2;
+    }