Fix buffer overflow in mutt_gecos_name().

From ray@ (snapshot), applied to stable and tested by me. Feedback from wilfried@ and (via ray@) moritz@. ok moritz@ steven@
2007-05-04 09:09:31 +00:00 · 2007-05-04 09:09:31 +00:00 · b76042086c
commit b76042086c
parent 2a66360148
4 changed files with 34 additions and 6 deletions
--- a/mail/mutt/snapshot/Makefile
+++ b/mail/mutt/snapshot/Makefile
@ -1,9 +1,10 @@
-# $OpenBSD: Makefile,v 1.40 2006/08/02 14:30:09 bernd Exp $
+# $OpenBSD: Makefile,v 1.41 2007/05/04 09:09:31 kili Exp $

 COMMENT=	"tty-based e-mail client, development version"

 VERSION=	1.5.12
 DISTNAME=	mutt-${VERSION}
+PKGNAME=	${DISTNAME}p0
 MASTER_SITES=	${MASTER_SITES_MUTT:=devel/}

 FLAVORS=	hcache idn sidebar
--- a/mail/mutt/snapshot/patches/patch-muttlib_c
+++ b/mail/mutt/snapshot/patches/patch-muttlib_c
@ -0,0 +1,15 @@
+$OpenBSD: patch-muttlib_c,v 1.1 2007/05/04 09:09:31 kili Exp $
+
+--- muttlib.c.orig	Thu May  3 09:41:31 2007
+++ muttlib.c	Thu May  3 13:54:16 2007
+@@ -536,7 +536,9 @@ char *mutt_gecos_name (char *dest, size_t destlen, str
+   {
+     if (dest[idx] == '&')
+     {
+-      memmove (&dest[idx + pwnl], &dest[idx + 1],
+      /* Don't move if destination is outside buffer. */
+      if (idx + pwnl < destlen)
+        memmove (&dest[idx + pwnl], &dest[idx + 1],
+ 	       MAX(destlen - idx - pwnl - 1, 0));
+       memcpy (&dest[idx], pw->pw_name, MIN(destlen - idx - 1, pwnl));
+       dest[idx] = toupper ((unsigned char) dest[idx]);
--- a/mail/mutt/stable/Makefile
+++ b/mail/mutt/stable/Makefile
@ -1,9 +1,10 @@
-# $OpenBSD: Makefile,v 1.30 2006/08/02 14:30:09 bernd Exp $
+# $OpenBSD: Makefile,v 1.31 2007/05/04 09:09:31 kili Exp $

 COMMENT=	"tty-based e-mail client"

 VERSION=	1.4.2.2
 DISTNAME=	mutt-${VERSION}i
+PKGNAME=	${DISTNAME}p0
 MASTER_SITES=	${MASTER_SITES_MUTT}

 .include <bsd.port.mk>
--- a/mail/mutt/stable/patches/patch-muttlib_c
+++ b/mail/mutt/stable/patches/patch-muttlib_c
@ -1,7 +1,18 @@
-$OpenBSD: patch-muttlib_c,v 1.1 2005/09/05 20:17:33 fgsch Exp $
--- muttlib.c.orig	Tue Aug 30 20:31:27 2005
-+++ muttlib.c	Tue Aug 30 20:39:17 2005
-@@ -809,8 +809,8 @@ void mutt_expand_fmt (char *dest, size_t
+$OpenBSD: patch-muttlib_c,v 1.2 2007/05/04 09:09:31 kili Exp $
+--- muttlib.c.orig	Mon Mar 25 06:29:32 2002
+++ muttlib.c	Thu May  3 14:11:50 2007
+@@ -513,7 +513,9 @@ char *mutt_gecos_name (char *dest, size_t destlen, str
+   {
+     if (dest[idx] == '&')
+     {
+-      memmove (&dest[idx + pwnl], &dest[idx + 1],
+      /* Don't move if destination is outside buffer. */
+      if (idx + pwnl < destlen)
+        memmove (&dest[idx + pwnl], &dest[idx + 1],
+ 	       MAX(destlen - idx - pwnl - 1, 0));
+       memcpy (&dest[idx], pw->pw_name, MIN(destlen - idx - 1, pwnl));
+       dest[idx] = toupper (dest[idx]);
+@@ -809,8 +811,8 @@ void mutt_expand_fmt (char *dest, size_t destlen, cons
     }
     else if (p[1] == '%')
       p++;