author | Adrian Reber <adrian@lisas.de> | 2019-02-13 09:12:49 +0100 |
---|---|---|
committer | Adrian Reber <adrian@lisas.de> | 2019-02-13 09:13:03 +0100 |
commit | 5055f4fee07f3eac283b1ce9484713f2a394f4fb (patch) | |
tree | d9e5a9b7feb46cbdf96b211c7162288c924fd8bc /0009-Fix-buffer-overflow-in-add_buff-122.patch | |
parent | f4b8b6f1d01eadf54c12db9be4addfe8d28f8536 (diff) | |
download | bogofilter_EL6-5055f4fee07f3eac283b1ce9484713f2a394f4fb.tar.gz |
Applied 11 patches from Georg Sauthoff (#1676460)
Diffstat (limited to '0009-Fix-buffer-overflow-in-add_buff-122.patch')
-rw-r--r-- | 0009-Fix-buffer-overflow-in-add_buff-122.patch | 74 |
1 files changed, 74 insertions, 0 deletions
diff --git a/0009-Fix-buffer-overflow-in-add_buff-122.patch b/0009-Fix-buffer-overflow-in-add_buff-122.patch
new file mode 100644
index 0000000..f7a2fa2
--- /dev/null
+++ b/0009-Fix-buffer-overflow-in-add_buff-122.patch
@@ -0,0 +1,74 @@
+From 25412109321aa575647f21b7b8b9f11634071f26 Mon Sep 17 00:00:00 2001
+From: Georg Sauthoff <mail@georg.so>
+Date: Fri, 8 Feb 2019 14:57:51 +0100
+Subject: [PATCH 09/11] Fix buffer overflow in add_buff (#122)
+
+cf. https://sourceforge.net/p/bogofilter/bugs/122/
+---
+ src/buff.c | 2 +-
+ src/lexer.c | 10 +++++++---
+ 2 files changed, 8 insertions(+), 4 deletions(-)
+
+diff --git a/src/buff.c b/src/buff.c
+index 5342cd2..c325945 100644
+--- a/src/buff.c
++++ b/src/buff.c
+@@ -58,7 +58,7 @@ int buff_add(buff_t *self, word_t *in)
+ int readcnt = in->leng;
+ uint new_size = self->t.leng + in->leng;
+ if (new_size > self->size) {
+- self->t.u.text = xrealloc(self->t.u.text, new_size);
++ self->t.u.text = xrealloc(self->t.u.text, new_size + D);
+ self->size = new_size;
+ }
+ self->read = readpos;
+diff --git a/src/lexer.c b/src/lexer.c
+index 63bd4cb..60692b6 100644
+--- a/src/lexer.c
++++ b/src/lexer.c
+@@ -152,12 +152,14 @@ static int get_decoded_line(buff_t *buff)
+ {
+ int count;
+ buff_t *linebuff;
++ // since msg_state might change during calls
++ bool mime_dont_decode = msg_state->mime_dont_decode;
+
+ #ifdef DISABLE_UNICODE
+ linebuff = buff;
+ #else
+ if (encoding == E_RAW ||
+- msg_state->mime_dont_decode ) {
++ mime_dont_decode ) {
+ linebuff = buff;
+ }
+ else {
+@@ -180,6 +182,8 @@ static int get_decoded_line(buff_t *buff)
+ }
+ #endif
+
++ // note that this call might invoke got_mimeboundary() thus
++ // changing the global msg_state variable
+ count = yy_get_new_line(linebuff);
+
+ if (count == EOF) {
+@@ -200,7 +204,7 @@ static int get_decoded_line(buff_t *buff)
+ textblock_add(linebuff->t.u.text+linebuff->read, (size_t) count);
+
+ if ( !msg_header &&
+- !msg_state->mime_dont_decode &&
++ !mime_dont_decode &&
+ msg_state->mime_type != MIME_TYPE_UNKNOWN)
+ {
+ word_t temp;
+@@ -221,7 +225,7 @@ static int get_decoded_line(buff_t *buff)
+
+ #ifndef DISABLE_UNICODE
+ if (encoding == E_UNICODE &&
+- !msg_state->mime_dont_decode &&
++ !mime_dont_decode &&
+ count > 0)
+ {
+ iconvert(linebuff, buff);
+--
+2.20.1
+ |
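Review bot: In the embedded `get_decoded_line` hunks only `mime_dont_decode` is snapshotted before `yy_get_new_line()`, while the condition at `@@ -200,7 +204,7 @@` still reads `msg_state->mime_type` from the global after the call, so the decode decision mixes pre-call and post-call state. If that is intended, the code should say so, e.g. `/* mime_type is deliberately read after yy_get_new_line(); only the flag that selected linebuff is snapshotted */`; otherwise `mime_type` probably needs the same treatment. In the `buff_add` hunk the allocation grows to `new_size + D` but `self->size = new_size` records the smaller value, and `D` is defined outside the hunk, so a short comment such as `/* D bytes of slack beyond size, matching the initial allocation */` (to be confirmed against the definition) would keep a later edit from "correcting" the mismatch. All three function bodies continue outside the visible hunks, so whether other reads of `msg_state` after the call need the snapshot cannot be judged from here.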