ood-ports-lbsd/mail/procmail/patches/patch-src_formisc_c

$OpenBSD: patch-src_formisc_c,v 1.2 2014/09/05 13:52:19 sthen Exp $

Hunk #1: CVE-2014-3618, heap overflow in formail when parsing addresses
with unbalanced quotes.

--- src/formisc.c.orig	Fri Jun 29 03:20:45 2001
+++ src/formisc.c	Thu Sep  4 16:15:48 2014
@@ -84,12 +84,11 @@ normal:	   *target++= *start++;
 	case '"':*target++=delim='"';start++;
       }
      ;{ int i;
-	do
+	while(*start)
 	   if((i= *target++= *start++)==delim)	 /* corresponding delimiter? */
 	      break;
 	   else if(i=='\\'&&*start)		    /* skip quoted character */
 	      *target++= *start++;
-	while(*start);						/* anything? */
       }
      hitspc=2;
    }
@@ -115,7 +114,7 @@ void loadchar(c)const int c;		      /* append one char
   buf[buffilled++]=c;
 }
 
-int getline P((void))			   /* read a newline-terminated line */
+int get_line P((void))			   /* read a newline-terminated line */
 { if(buflast==EOF)			 /* at the end of our Latin already? */
    { loadchar('\n');					  /* fake empty line */
      return EOF;					  /* spread the word */